{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2016-20042", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-28T11:34:09.816Z", "datePublished": "2026-03-28T11:58:03.787Z", "dateUpdated": "2026-03-30T14:24:29.229Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:03.787Z"}, "title": "TRN 3.6-23 Stack Buffer Overflow Local Code Execution", "descriptions": [{"lang": "en", "value": "TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "trn", "product": "Threaded USENET News Reader", "versions": [{"version": "3.6-23", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/39764", "name": "ExploitDB-39764", "tags": ["exploit"]}, {"url": "https://sourceforge.net/projects/trn/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: TRN 3.6-23 Stack Buffer Overflow Local Code Execution", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/trn-23-stack-buffer-overflow-local-code-execution"}], "credits": [{"lang": "en", "value": "Juan Sacco - http://www.exploitpack.com - jsacco@exploitpack.com", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2016-05-04T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T14:23:54.254985Z", "id": "CVE-2016-20042", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:24:29.229Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20042", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T14:23:54.254985Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:24:20.303Z"}}], "cna": {"title": "TRN 3.6-23 Stack Buffer Overflow Local Code Execution", "credits": [{"lang": "en", "type": "finder", "value": "Juan Sacco - http://www.exploitpack.com - jsacco@exploitpack.com"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "trn", "product": "Threaded USENET News Reader", "versions": [{"status": "affected", "version": "3.6-23"}]}], "datePublic": "2016-05-04T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/39764", "name": "ExploitDB-39764", "tags": ["exploit"]}, {"url": "https://sourceforge.net/projects/trn/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/trn-23-stack-buffer-overflow-local-code-execution", "name": "VulnCheck Advisory: TRN 3.6-23 Stack Buffer Overflow Local Code Execution", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:03.787Z"}}}, "cveMetadata": {"cveId": "CVE-2016-20042", "state": "PUBLISHED", "dateUpdated": "2026-03-30T14:24:29.229Z", "dateReserved": "2026-03-28T11:34:09.816Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-28T11:58:03.787Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges."}, {"lang": "es", "value": "TRN 3.6-23 contiene una vulnerabilidad de desbordamiento de b\u00fafer de pila que permite a atacantes locales ejecutar c\u00f3digo arbitrario al proporcionar un argumento de tama\u00f1o excesivo a la aplicaci\u00f3n. Los atacantes pueden crear un argumento malicioso de l\u00ednea de comandos con 156 bytes de relleno seguidos de una direcci\u00f3n de retorno para sobrescribir el puntero de instrucci\u00f3n y ejecutar shellcode con privilegios de usuario."}], "id": "CVE-2016-20042", "lastModified": "2026-05-01T15:21:32.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-28T12:16:00.057", "references": [{"source": "disclosure@vulncheck.com", "url": "https://sourceforge.net/projects/trn/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/39764"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/trn-23-stack-buffer-overflow-local-code-execution"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.6-23"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Threaded USENET News Reader", "source": "cna", "vendor": "trn"}, "product": "threaded_usenet_news_reader", "vendor": "trn"}], "analysis": {"en": {"generated_at": "2026-03-28T13:52:23.884370+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website or support channels for an official patch or a newer version that resolves the overflow and install it immediately.", "If no patch is currently available, limit the use of TRN to trusted users only and avoid passing oversized arguments that could trigger the overflow.", "Consider running TRN inside a sandboxed or restricted environment to contain any potential exploitation."], "summary": {"action": "Immediate Patch", "impact": "Local code execution via stack buffer overflow"}, "threat_synthesis": {"affected_systems": "The product affected is Threaded USENET News Reader version 3.6\u201123. No other versions or products are currently listed as impacted.", "description_and_impact": "TRN 3.6\u201123 suffers from a stack buffer overflow (CWE\u2011787) that allows an attacker to supply an oversized command\u2011line argument. The overflow is triggered with 156 bytes of padding followed by a crafted return address, which overwrites the instruction pointer and redirects the program to execute injected shellcode with the same privileges as the user launching TRN. This flaw enables arbitrary code execution at the local user level.", "risk_and_exploitability": "The vulnerability has a CVSS score of 8.6, indicating high severity. No EPSS data is available and the issue is not listed in the CISA KEV catalog, suggesting no publicly documented exploits yet. The attack vector is local; an attacker needs to run TRN with a crafted argument. If local access is granted, a malicious user can trigger the overflow and execute arbitrary code under their own user privileges."}}}}, "created": "2026-03-29T20:32:28.854349+00:00", "updated": "2026-03-30T06:59:23.218994+00:00", "vendors": ["trn", "trn$PRODUCT$threaded_usenet_news_reader"]}