UNKNOWN

CVE-2016-20042

TRN 3.6-23 Stack Buffer Overflow Local Code Execution

Platform: linux

Component: threaded-usenet-news-reader

TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.

How to fix

Update TRN to a version later than 3.6-23, or consider using a different USENET news reader. The vulnerability allows arbitrary code execution, so it is crucial to take measures to mitigate the risk.
