{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2016-20038", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-28T11:28:58.958Z", "datePublished": "2026-03-28T11:58:00.778Z", "dateUpdated": "2026-03-30T15:50:05.015Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:00.778Z"}, "title": "yTree 1.94-1.1 Stack-Based Buffer Overflow", "descriptions": [{"lang": "en", "value": "yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "werner", "product": "yTree", "versions": [{"version": "1.94-1.1", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/39406", "name": "ExploitDB-39406", "tags": ["exploit"]}, {"url": "http://www.han.de/~werner/ytree.html", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: yTree 1.94-1.1 Stack-Based Buffer Overflow", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/ytree-stack-based-buffer-overflow"}], "credits": [{"lang": "en", "value": "Juan Sacco - http://www.exploitpack.com -jsacco@exploitpack.com", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2016-02-03T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T15:49:51.705944Z", "id": "CVE-2016-20038", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:50:05.015Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20038", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T15:49:51.705944Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:49:58.627Z"}}], "cna": {"title": "yTree 1.94-1.1 Stack-Based Buffer Overflow", "credits": [{"lang": "en", "type": "finder", "value": "Juan Sacco - http://www.exploitpack.com -jsacco@exploitpack.com"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "werner", "product": "yTree", "versions": [{"status": "affected", "version": "1.94-1.1"}]}], "datePublic": "2016-02-03T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/39406", "name": "ExploitDB-39406", "tags": ["exploit"]}, {"url": "http://www.han.de/~werner/ytree.html", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/ytree-stack-based-buffer-overflow", "name": "VulnCheck Advisory: yTree 1.94-1.1 Stack-Based Buffer Overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:00.778Z"}}}, "cveMetadata": {"cveId": "CVE-2016-20038", "state": "PUBLISHED", "dateUpdated": "2026-03-30T15:50:05.015Z", "dateReserved": "2026-03-28T11:28:58.958Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-28T11:58:00.778Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context."}, {"lang": "es", "value": "yTree 1.94-1.1 contiene una vulnerabilidad de desbordamiento de b\u00fafer basado en pila que permite a atacantes locales ejecutar c\u00f3digo arbitrario al proporcionar un argumento excesivamente largo a la aplicaci\u00f3n. Los atacantes pueden elaborar un argumento de l\u00ednea de comandos malicioso que contenga shellcode y una direcci\u00f3n de retorno para sobrescribir la pila y ejecutar c\u00f3digo en el contexto de la aplicaci\u00f3n."}], "id": "CVE-2016-20038", "lastModified": "2026-05-01T15:21:32.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-28T12:15:59.277", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.han.de/~werner/ytree.html"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/39406"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ytree-stack-based-buffer-overflow"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.94-1.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "yTree", "source": "cna", "vendor": "werner"}, "product": "ytree", "vendor": "werner"}], "analysis": {"en": {"generated_at": "2026-03-28T13:27:16.657377+00:00", "value": {"mitigation_remediation": ["Update yTree to a version that addresses the stack buffer overflow", "Restrict local users from executing the vulnerable program unless necessary", "Ensure the program runs under the least\u2011privilege account possible", "If an update is not available, isolate the application or replace it with a vetted alternative", "Monitor system logs for abnormal command\u2011line usage of yTree"], "summary": {"action": "Apply Patch", "impact": "Local Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is yTree from the Werner vendor. The vulnerability applies to versions 1.94 through 1.1 as noted. There is no indication that later releases are affected or that other products share this flaw.", "description_and_impact": "The vulnerability is a stack\u2011based buffer overflow in yTree 1.94\u20111.1. A local attacker can supply an overly long command\u2011line argument that overwrites the return address on the stack and injects shellcode, allowing arbitrary code to execute within the application's context.", "risk_and_exploitability": "With a CVSS base score of 8.6 the vulnerability is considered high severity. No EPSS score is available and the issue is not listed in the CISA KEV catalog, suggesting there is no widespread exploitation yet. However, because the flaw requires local execution rights, any local user with access to run yTree could abuse it to gain code execution, which poses a significant risk especially if the program runs with elevated privileges."}}}}, "created": "2026-03-29T20:32:32.550890+00:00", "updated": "2026-03-30T06:59:26.947043+00:00", "vendors": ["werner", "werner$PRODUCT$ytree"]}