Is there a public PoC exploit available for CVE-2016-20049?

Yes, a public proof-of-concept exploit is available for CVE-2016-20049. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2016-20049?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. If patching is delayed, consider network segmentation to limit exposure.

CVE-2016-20049

Q: What is the CVSS score of CVE-2016-20049?

CVE-2016-20049 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2016-10852 CRITICAL

Out-of-bounds Write (CWE-787)

2026-03-28 VulnCheck

GHSA-x5f7-xgg8-pr9p

RCE Buffer Overflow Memory Corruption

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 14:07 vuln.today

cvss_changed

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

PoC Detected

Mar 30, 2026 - 13:26 vuln.today

Public exploit code

EUVD ID Assigned

Mar 28, 2026 - 12:15 euvd

EUVD-2016-10852

Analysis Generated

Mar 28, 2026 - 12:15 vuln.today

CVE Published

Mar 28, 2026 - 11:58 nvd

CRITICAL 9.3

DescriptionNVD

JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return addresses, and execute shellcode in the application context.

AnalysisAI

JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries.

Technical ContextAI

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Write (CWE-787).

RemediationAI

Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.

Vendor StatusVendor

Debian

jad

Release	Status	Fixed Version	Urgency
(unstable)	fixed	(unfixed)	-

CVE-2016-20049 vulnerability details – vuln.today

Back

CVE-2016-20049

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Debian

Share

CVE-2016-20049

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Debian

Share

External POC / Exploit Code