CVE-2016-20044

NameCVE-2016-20044
DescriptionPInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pinfo (PTS)bullseye0.6.13-1.1undetermined
bookworm0.6.13-1.3undetermined
forky, sid, trixie0.6.13-2undetermined

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pinfosource(unstable)undetermined

Notes

https://www.exploit-db.com/exploits/40023
Search for package or bug name: Reporting problems