CVE-2016-20042
Publication date 28 March 2026
Last updated 1 April 2026
Ubuntu priority
Cvss 3 Severity Score
Description
TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| trn | 26.04 LTS resolute | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 16.04 LTS xenial | Ignored end of ESM support, was needs-triage |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
8.4 · High
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H