{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2016-20048", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-28T11:41:04.200Z", "datePublished": "2026-03-28T11:58:08.355Z", "dateUpdated": "2026-03-30T14:21:39.496Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:08.355Z"}, "title": "iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter", "descriptions": [{"lang": "en", "value": "iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "affected": [{"vendor": "iselect", "product": "iSelect", "versions": [{"version": "1.4.0-2+b1", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/41076", "name": "ExploitDB-41076", "tags": ["exploit"]}, {"url": "http://www.ossp.org/pkg/tool/iselect/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/iselect-2-b1-local-buffer-overflow-via-key-parameter"}], "credits": [{"lang": "en", "value": "Juan Sacco - http://www.exploitpack.com - jsacco@exploitpack.com", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2017-01-16T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T14:21:05.577353Z", "id": "CVE-2016-20048", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:21:39.496Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20048", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T14:21:05.577353Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:21:29.551Z"}}], "cna": {"title": "iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter", "credits": [{"lang": "en", "type": "finder", "value": "Juan Sacco - http://www.exploitpack.com - jsacco@exploitpack.com"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "iselect", "product": "iSelect", "versions": [{"status": "affected", "version": "1.4.0-2+b1"}]}], "datePublic": "2017-01-16T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/41076", "name": "ExploitDB-41076", "tags": ["exploit"]}, {"url": "http://www.ossp.org/pkg/tool/iselect/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/iselect-2-b1-local-buffer-overflow-via-key-parameter", "name": "VulnCheck Advisory: iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:08.355Z"}}}, "cveMetadata": {"cveId": "CVE-2016-20048", "state": "PUBLISHED", "dateUpdated": "2026-03-30T14:21:39.496Z", "dateReserved": "2026-03-28T11:41:04.200Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-28T11:58:08.355Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges."}, {"lang": "es", "value": "iSelect 1.4.0-2+b1 contiene una vulnerabilidad de desbordamiento de b\u00fafer local que permite a atacantes locales ejecutar c\u00f3digo arbitrario al proporcionar un valor excesivamente grande al par\u00e1metro -k/--key. Los atacantes pueden elaborar un argumento malicioso que contenga un NOP sled, shellcode y una direcci\u00f3n de retorno para desbordar un b\u00fafer de pila de 1024 bytes y obtener ejecuci\u00f3n de c\u00f3digo con privilegios de usuario."}], "id": "CVE-2016-20048", "lastModified": "2026-05-01T15:21:32.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-28T12:16:01.210", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.ossp.org/pkg/tool/iselect/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/41076"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/iselect-2-b1-local-buffer-overflow-via-key-parameter"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.4.0-2+b1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "iselect", "vendor": "iselect"}], "analysis": {"en": {"generated_at": "2026-03-28T13:24:40.722468+00:00", "value": {"mitigation_remediation": ["Upgrade iSelect to a version that addresses the buffer overflow.", "If an upgrade is not immediately possible, restrict the use of the \u2013k/--key option or remove the command from privileged access paths.", "Monitor for abnormal execution attempts or signs of exploitation on affected systems.", "Verify that the local user executing iSelect runs with the least privilege required for its function."], "summary": {"action": "Patch Immediately", "impact": "Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is iSelect from the iselect vendor, specifically version 1.4.0\u20112+b1.", "description_and_impact": "The vulnerability is a local buffer overflow triggered when calling iSelect with an oversized value for the \u2013k or --key option. The overflow occurs in a 1024\u2011byte stack buffer and an attacker can supply a crafted argument containing a NOP sled, shellcode, and a return address, allowing them to execute arbitrary code with the privileges of the user running iSelect. The flaw is documented as a stack\u2011based buffer overflow.", "risk_and_exploitability": "With a CVSS score of 8.6, the vulnerability is considered high severity. The EPSS score is not available and the issue is not listed in the CISA KEV catalog, indicating that the exploit is not widely known or actively used in the wild. However, the local nature of the attack means any user with access to the target machine can potentially trigger the overflow and gain code execution. System administrators should treat this as a high risk and prioritize remediation."}}}}, "created": "2026-03-29T20:32:23.566769+00:00", "updated": "2026-03-30T06:59:17.606149+00:00", "vendors": ["iselect", "iselect$PRODUCT$iselect"]}