High severity8.4NVD Advisory· Published Mar 28, 2026· Updated May 1, 2026

CVE-2016-20046

Description

zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cernlib.web.cern.ch/cernlib/nvd
www.exploit-db.com/exploits/40203nvd
www.vulncheck.com/advisories/zftp-client-20061220-dfsg3-local-buffer-overflownvd

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000