CVE-2016-20046
Received Received - Intake
Buffer Overflow in zFTP Client NAME Parameter Enables Code Execution

Publication date: 2026-03-28

Last updated on: 2026-03-28

Assigner: VulnCheck

Description
zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-28
Last Modified
2026-03-28
Generated
2026-06-16
AI Q&A
2026-03-28
EPSS Evaluated
2026-06-14
NVD
CVE-2016-20046
EUVD
EUVD-2016-10847
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cern cern_program_library *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2016-20046 is a local buffer overflow vulnerability in the zFTP Client version 20061220+dfsg3-4.1. It occurs due to improper handling of the NAME parameter during FTP connections. The application uses a fixed 80-byte buffer in the strcpy_chk function to copy the NAME value. If an attacker supplies a NAME value larger than 80 bytes, it causes a buffer overflow that overwrites the instruction pointer.

This overflow allows local attackers to crash the application or execute arbitrary code with the privileges of the user running the client.

Impact Analysis

This vulnerability can impact you by allowing a local attacker to execute arbitrary code on your system with your user privileges. This means an attacker who has local access can potentially run malicious code, compromise your files, or disrupt the normal operation of the zFTP Client by causing it to crash.

Since the exploit runs with the same privileges as the user, it could lead to unauthorized actions within the scope of that user's permissions.

Detection Guidance

This vulnerability is a local buffer overflow in the zFTP Client 20061220+dfsg3-4.1 related to the NAME parameter handling during FTP connections. Detection involves checking if the zFTP Client is installed and whether it is a vulnerable version.

Since the vulnerability is triggered by supplying an oversized NAME parameter exceeding 80 bytes, one way to detect it is by attempting to run the zFTP client with a long connection name argument and observing if it crashes or shows a buffer overflow error.

A sample command to test the vulnerability locally could be:

  • Run the zFTP client with a long string as the connection name argument, for example: zftp AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

If the program crashes or terminates with a buffer overflow detected error (as seen in the strcpy_chk failure), it indicates the presence of the vulnerability.

Additionally, checking the installed package version against the vulnerable version (20061220+dfsg3-4.1 or earlier) can help identify if the system is at risk.

Mitigation Strategies

Immediate mitigation steps include:

  • Avoid running the vulnerable zFTP Client version 20061220+dfsg3-4.1 or earlier, especially with untrusted input for the NAME parameter.
  • Restrict local user access to the zFTP Client binary to trusted users only, since the vulnerability requires local access.
  • If possible, upgrade or patch the zFTP Client to a version that fixes this buffer overflow vulnerability.
  • Monitor for unusual crashes or behavior of the zFTP Client that could indicate exploitation attempts.
Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2016-20046. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart