CVE-2016-20047

HIGH

EKG Gadu 1.9 Local Buffer Overflow via Username Parameter

Title source: cna

Description

EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges.

Exploits (1)

exploitdb WORKING POC

by Juan Sacco · pythonlocallinux

https://www.exploit-db.com/exploits/40392

View Code ZIP pw:eip

References (3)

[Exploit] https://www.exploit-db.com/exploits/40392

[Product] http://ekg.chmurka.net/

[Third Party Advisory] https://www.vulncheck.com/advisories/ekg-gadu-local-buffer-overflow-via-username-parameter

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 5.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (1)

ekg/EKG Gadu 1:1.9~pre+r2855-3+b1

Published Mar 28, 2026

Tracked Since Mar 29, 2026