CVE-2016-20046
Buffer Overflow in zFTP Client NAME Parameter Enables Code Execution
Publication date: 2026-03-28
Last updated on: 2026-03-28
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cern | cern_program_library | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2016-20046 is a local buffer overflow vulnerability in the zFTP Client version 20061220+dfsg3-4.1. It occurs due to improper handling of the NAME parameter during FTP connections. The application uses a fixed 80-byte buffer in the strcpy_chk function to copy the NAME value. If an attacker supplies a NAME value larger than 80 bytes, it causes a buffer overflow that overwrites the instruction pointer.
This overflow allows local attackers to crash the application or execute arbitrary code with the privileges of the user running the client.
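The class of fix for an unchecked copy into a fixed 80-byte buffer is a length check before the copy. The following is an added example, not zFTP or CERN Program Library source; the helper name `copy_name_checked`, the constant `NAME_BUF_SIZE` and the sample host name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 80 /* fixed buffer size given in the description above */

/* Hypothetical helper (not zFTP source): copy a caller-supplied NAME into an
 * 80-byte buffer. Returns 0 on success, -1 if the value is missing or does
 * not fit together with its terminating NUL. On rejection dst is left as an
 * empty string so later code never sees a truncated or stale name. */
int copy_name_checked(char dst[NAME_BUF_SIZE], const char *src)
{
    size_t len = 0;

    dst[0] = '\0';
    if (src == NULL)
        return -1;

    /* Measure with an upper bound so an unterminated or huge input is never
     * scanned past the size we are willing to accept. */
    while (len < NAME_BUF_SIZE && src[len] != '\0')
        len++;
    if (len >= NAME_BUF_SIZE)
        return -1; /* 80 bytes or more: no room for the NUL, reject */

    memcpy(dst, src, len + 1); /* len + 1 <= 80, copies the NUL too */
    return 0;
}

int main(int argc, char **argv)
{
    char name[NAME_BUF_SIZE];

    /* Constructed sample input when no argument is given. */
    const char *input = (argc > 1) ? argv[1] : "ftp.example.org";

    if (copy_name_checked(name, input) != 0) {
        fprintf(stderr, "NAME rejected: longer than %d bytes\n",
                NAME_BUF_SIZE - 1);
        return 1;
    }
    printf("NAME accepted: %s\n", name);
    return 0;
}
```

Rejecting the oversized value, rather than silently truncating it, keeps the client from connecting under a name the user did not supply.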
How can this vulnerability impact me?
This vulnerability can impact you by allowing a local attacker to execute arbitrary code on your system with your user privileges. This means an attacker who has local access can potentially run malicious code, compromise your files, or disrupt the normal operation of the zFTP Client by causing it to crash.
Since the exploit runs with the same privileges as the user, it could lead to unauthorized actions within the scope of that user's permissions.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local buffer overflow in the zFTP Client 20061220+dfsg3-4.1 related to the NAME parameter handling during FTP connections. Detection involves checking if the zFTP Client is installed and whether it is a vulnerable version.
Since the vulnerability is triggered by supplying an oversized NAME parameter exceeding 80 bytes, one way to detect it is by attempting to run the zFTP client with a long connection name argument and observing if it crashes or shows a buffer overflow error.
A sample command to test the vulnerability locally could be:
- Run the zFTP client with a long string as the connection name argument, for example: zftp AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
If the program crashes or terminates with a buffer overflow detected error (as seen in the strcpy_chk failure), it indicates the presence of the vulnerability.
Additionally, checking the installed package version against the vulnerable version (20061220+dfsg3-4.1 or earlier) can help identify if the system is at risk.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Avoid running the vulnerable zFTP Client version 20061220+dfsg3-4.1 or earlier, especially with untrusted input for the NAME parameter.
- Restrict local user access to the zFTP Client binary to trusted users only, since the vulnerability requires local access.
- If possible, upgrade or patch the zFTP Client to a version that fixes this buffer overflow vulnerability.
- Monitor for unusual crashes or behavior of the zFTP Client that could indicate exploitation attempts.