216.73.217.98

CVE-2016-20046

· Published 28/03/2026 12:16 · Modified 28/03/2026 12:16

Labels: CVE-2016-20046 2026-03-28CVE-2016-20046CWE-787[email protected]

Essential information

Published
28/03/2026 12:16
Modified
28/03/2026 12:16
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zftp / zftp client cpe:2.3:a:zftp:zftp_client:20061220+dfsg3-4.1:*:*:*:*:*:*:*

References