CVE-2016-20047
Local Buffer Overflow in EKG Gadu 1.9 Allows Code Execution
Publication date: 2026-03-28
Last updated on: 2026-03-28
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ekg | gadu | to 1.9~pre+r2855-3+b1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2016-20047 is a local buffer overflow vulnerability in the EKG Gadu 1.9~pre+r2855-3+b1 application. It occurs in the handling of the username parameter, where the program uses the strlcpy function to copy the username string. If a local attacker supplies a crafted username longer than 258 bytes, it triggers an out-of-bounds write that overwrites the instruction pointer.
This overflow allows the attacker to execute arbitrary code with the privileges of the user running the application by injecting shellcode and controlling the instruction pointer.
How can this vulnerability impact me?
This vulnerability can allow a local attacker to execute arbitrary code on the affected system with the same privileges as the user running EKG Gadu. This can lead to unauthorized actions such as privilege escalation, data manipulation, or disruption of service.
Because the attacker can overwrite the instruction pointer and run shellcode, the impact includes full compromise of confidentiality, integrity, and availability of the affected system or user session.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local buffer overflow in the EKG Gadu client triggered by supplying an oversized username string exceeding 258 bytes. Detection involves checking if the vulnerable version of EKG Gadu (1.9~pre+r2855-3+b1 or earlier) is installed and potentially testing the username input handling.
Since the vulnerability is local and triggered by a crafted username, detection can be done by attempting to run the vulnerable program with an oversized username string and observing if a buffer overflow or crash occurs.
Suggested commands to detect the vulnerability include running the EKG Gadu executable with a crafted username argument exceeding 258 characters, for example using a command similar to the exploit approach:
- `python -c 'print("A"*259)' | ./ekg-gadu`
Alternatively, debugging tools like gdb can be used to trace the overflow in the strlcpy function when passing the oversized username.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include preventing local attackers from running the vulnerable EKG Gadu version or supplying oversized username strings.
Specifically, you should:
- Update or patch EKG Gadu to a version that fixes the buffer overflow vulnerability.
- Restrict local user access to the vulnerable application to trusted users only.
- Implement input validation or limit the length of username strings accepted by the application if possible.
- Monitor and audit local user activities to detect attempts to exploit the vulnerability.
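The length check the last mitigation bullet asks for, written out as an added example that is not EKG Gadu's own code: the 258-byte username limit comes from the description above, while the buffer layout, the `safe_strlcpy` helper and the `set_username` function are assumptions made for illustration. The point it shows is that a strlcpy-style copy is only safe when the size argument is the destination's real size, and that its return value must be checked so an over-long username is rejected instead of silently truncated.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the page says usernames longer than 258 bytes overflow,
   so model a 258-character field plus its NUL terminator. */
#define USERNAME_MAX 258
#define USERNAME_BUF (USERNAME_MAX + 1)

/* strlcpy-style bounded copy (own implementation, so the example also builds
   on a libc without strlcpy). Always NUL-terminates when size > 0 and returns
   strlen(src), which lets the caller detect truncation. A copy like this can
   still overflow if the caller passes anything other than the destination's
   true size (e.g. strlen(src) or a constant unrelated to the buffer). */
static size_t safe_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Hardened username setter: copies into a fixed-size buffer using that
   buffer's own size and rejects input that does not fit, instead of keeping
   a truncated value. Returns 0 on success, -1 if the input is too long. */
int set_username(char *dst, size_t dstsize, const char *src)
{
    size_t needed = safe_strlcpy(dst, src, dstsize);
    if (needed >= dstsize) {   /* source did not fit: it was truncated */
        dst[0] = '\0';         /* do not leave a partial username behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    char username[USERNAME_BUF];
    char too_long[USERNAME_MAX + 2];            /* constructed 259-byte input */
    memset(too_long, 'A', USERNAME_MAX + 1);
    too_long[USERNAME_MAX + 1] = '\0';

    printf("alice   -> %d\n", set_username(username, sizeof username, "alice"));
    printf("259 x A -> %d\n", set_username(username, sizeof username, too_long));
    return 0;
}
```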