CVE-2016-20046 | THREATINT

Description

zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.

PUBLISHED Reserved 2026-03-28 | Published 2026-03-28 | Updated 2026-04-01 | Assigner VulnCheck

HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Out-of-bounds Write

Product status

20061220+dfsg3-4.1

affected

Credits

Juan Sacco - http://www.exploitpack.com - finder

References

www.exploit-db.com/exploits/40203 (ExploitDB-40203) exploit

cernlib.web.cern.ch/cernlib/ (Official Product Homepage) product

www.vulncheck.com/...nt-20061220-dfsg3-local-buffer-overflow (VulnCheck Advisory: zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow) third-party-advisory

cve.org (CVE-2016-20046)

nvd.nist.gov (CVE-2016-20046)

Download JSON