CVE-2016-20048
Local Buffer Overflow in iSelect Allows Arbitrary Code Execution
Publication date: 2026-03-28
Last updated on: 2026-03-28
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ossp | iselect | 1.4.0-2+b1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not include any details on how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local buffer overflow triggered by supplying an oversized value to the -k/--key parameter of the iSelect 1.4.0-2+b1 binary. Detection involves checking for the presence of the vulnerable iSelect version and monitoring or testing the behavior of the -k parameter.
You can detect the vulnerability by verifying the version of the iSelect binary installed on your system:
- Run `iselect --version` or check the package version via your package manager (e.g., `dpkg -l | grep iselect` on Debian-based systems).
To test if the vulnerability can be triggered (in a controlled and safe environment), you might attempt to run the iSelect command with a large argument for the -k parameter, for example:
```bash
iselect -k $(python3 -c 'print("A"*1100)')
```
If the program crashes or behaves unexpectedly, it may indicate the presence of the buffer overflow vulnerability.
Can you explain this vulnerability to me?
CVE-2016-20048 is a local buffer overflow vulnerability in iSelect version 1.4.0-2+b1, a Linux ncurses-based interactive line selection tool. The vulnerability occurs when a local attacker supplies an oversized value to the -k or --key parameter. This input overflows a 1024-byte stack buffer due to improper input validation in the strcpy_chk function, allowing the attacker to overwrite the return address on the stack.
By crafting a malicious argument containing a NOP sled, shellcode (such as code to execute /bin/sh), and a carefully chosen return address, the attacker can redirect execution flow and execute arbitrary code with the privileges of the user running iSelect.
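The defect described above, shown as an added illustration that is not iSelect's own code: a hypothetical reconstruction of the unbounded copy into a fixed 1024-byte stack buffer, and beside it a bounded variant that rejects an oversized `-k` argument instead of overflowing. Function names and the helper are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define KEY_BUF_SIZE 1024   /* size of the stack buffer the advisory describes */

/* Shape of the defect the advisory describes (hypothetical reconstruction, not
 * iSelect's source): the -k argument lands in a fixed stack buffer with no
 * length check, so KEY_BUF_SIZE bytes or more overrun it. Shown for contrast only. */
int set_key_unchecked(const char *arg)
{
    char key[KEY_BUF_SIZE];
    strcpy(key, arg);                 /* unbounded copy: the bug */
    return (int)strlen(key);
}

/* Hardened variant: bound the scan, reject anything that does not fit together
 * with its NUL, and only then copy. Returns the key length, or -1 on rejection. */
int set_key_checked(const char *arg, char *out, size_t out_size)
{
    const char *end;
    if (arg == NULL || out == NULL || out_size == 0)
        return -1;
    end = memchr(arg, '\0', out_size);   /* looks at most out_size bytes */
    if (end == NULL)
        return -1;                       /* no terminator in range: fail closed */
    memcpy(out, arg, (size_t)(end - arg) + 1);
    return (int)(end - arg);
}

/* Test helper: constructs an argument of n 'A's (like the advisory's
 * python3 -c 'print("A"*1100)' probe) and feeds it to the checked path. */
int checked_result_for_length(size_t n)
{
    char key[KEY_BUF_SIZE];
    char *arg = malloc(n + 1);
    int rc;
    if (arg == NULL)
        return -1;
    memset(arg, 'A', n);
    arg[n] = '\0';
    rc = set_key_checked(arg, key, sizeof key);
    free(arg);
    return rc;
}

int main(void)
{
    printf("1100 bytes -> %d, 10 bytes -> %d\n",
           checked_result_for_length(1100), checked_result_for_length(10));
    return 0;
}
```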
How can this vulnerability impact me?
This vulnerability allows a local attacker to execute arbitrary code on the affected system with the privileges of the user running iSelect. This can lead to local privilege escalation or unauthorized actions performed under the user's account.
Because the exploit involves executing shellcode, an attacker could gain shell access, potentially compromising system integrity, stealing data, or installing malicious software.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Avoid running the vulnerable iSelect version (1.4.0-2+b1) or restrict its usage to trusted users only.
- Do not supply untrusted or oversized input to the -k/--key parameter.
- If possible, update or patch iSelect to a version that fixes this buffer overflow vulnerability.
- Limit local user access to the system or the iSelect binary to reduce the risk of exploitation.
Since this is a local vulnerability, controlling local access and input validation are key immediate defenses.