CVE-2016-20048
Received Received - Intake
Local Buffer Overflow in iSelect Allows Arbitrary Code Execution

Publication date: 2026-03-28

Last updated on: 2026-03-28

Assigner: VulnCheck

Description
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-28
Last Modified
2026-03-28
Generated
2026-06-16
AI Q&A
2026-03-29
EPSS Evaluated
2026-06-14
NVD
CVE-2016-20048
EUVD
EUVD-2016-10850
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ossp iselect 1.4.0-2+b1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not include any details on how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability is a local buffer overflow triggered by supplying an oversized value to the -k/--key parameter of the iSelect 1.4.0-2+b1 binary. Detection involves checking for the presence of the vulnerable iSelect version and monitoring or testing the behavior of the -k parameter.

You can detect the vulnerability by verifying the version of the iSelect binary installed on your system:

  • Run `iselect --version` or check the package version via your package manager (e.g., `dpkg -l | grep iselect` on Debian-based systems).

To test if the vulnerability can be triggered (in a controlled and safe environment), you might attempt to run the iSelect command with a large argument for the -k parameter, for example:

  • ```bash iselect -k $(python3 -c 'print("A"*1100)') ```

If the program crashes or behaves unexpectedly, it may indicate the presence of the buffer overflow vulnerability.

Executive Summary

CVE-2016-20048 is a local buffer overflow vulnerability in iSelect version 1.4.0-2+b1, a Linux ncurses-based interactive line selection tool. The vulnerability occurs when a local attacker supplies an oversized value to the -k or --key parameter. This input overflows a 1024-byte stack buffer due to improper input validation in the strcpy_chk function, allowing the attacker to overwrite the return address on the stack.

By crafting a malicious argument containing a NOP sled, shellcode (such as code to execute /bin/sh), and a carefully chosen return address, the attacker can redirect execution flow and execute arbitrary code with the privileges of the user running iSelect.

Impact Analysis

This vulnerability allows a local attacker to execute arbitrary code on the affected system with the privileges of the user running iSelect. This can lead to local privilege escalation or unauthorized actions performed under the user's account.

Because the exploit involves executing shellcode, an attacker could gain shell access, potentially compromising system integrity, stealing data, or installing malicious software.

Mitigation Strategies

Immediate mitigation steps include:

  • Avoid running the vulnerable iSelect version (1.4.0-2+b1) or restrict its usage to trusted users only.
  • Do not supply untrusted or oversized input to the -k/--key parameter.
  • If possible, update or patch iSelect to a version that fixes this buffer overflow vulnerability.
  • Limit local user access to the system or the iSelect binary to reduce the risk of exploitation.

Since this is a local vulnerability, controlling local access and input validation are key immediate defenses.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2016-20048. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart