CVE-2016-20037 in Identicalsoftware xWPE
Summary
xwpe 1.5.30a-2.1 and prior versions contain a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by shellcode to overwrite the instruction pointer and achieve code execution or denial of service.
Responsible
VulnCheck
Reservation
03/28/2026
Disclosure
03/28/2026
Entries
| Published | CVSS Base | CVSS Temp | Vulnerability | CWE | Prod | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 03/28/2026 | 6.8 | 6.6 | Identicalsoftware xWPE Command-Line Argument out-of-bounds write | 787 | Unknown | Proof-of-Concept | Not defined | 0.00012 | 2.15 | CVE-2016-20037 |