{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2016-20046", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-28T11:39:30.497Z", "datePublished": "2026-03-28T11:58:06.907Z", "dateUpdated": "2026-04-01T13:58:58.638Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:06.907Z"}, "title": "zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow", "descriptions": [{"lang": "en", "value": "zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "zFTP", "product": "zFTP Client", "versions": [{"version": "20061220+dfsg3-4.1", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/40203", "name": "ExploitDB-40203", "tags": ["exploit"]}, {"url": "http://cernlib.web.cern.ch/cernlib/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/zftp-client-20061220-dfsg3-local-buffer-overflow"}], "credits": [{"lang": "en", "value": "Juan Sacco - http://www.exploitpack.com -", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2016-08-05T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T13:58:28.754785Z", "id": "CVE-2016-20046", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:58:58.638Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20046", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T13:58:28.754785Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:58:44.187Z"}}], "cna": {"title": "zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow", "credits": [{"lang": "en", "type": "finder", "value": "Juan Sacco - http://www.exploitpack.com -"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "zFTP", "product": "zFTP Client", "versions": [{"status": "affected", "version": "20061220+dfsg3-4.1"}]}], "datePublic": "2016-08-05T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/40203", "name": "ExploitDB-40203", "tags": ["exploit"]}, {"url": "http://cernlib.web.cern.ch/cernlib/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/zftp-client-20061220-dfsg3-local-buffer-overflow", "name": "VulnCheck Advisory: zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:06.907Z"}}}, "cveMetadata": {"cveId": "CVE-2016-20046", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:58:58.638Z", "dateReserved": "2026-03-28T11:39:30.497Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-28T11:58:06.907Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges."}, {"lang": "es", "value": "zFTP Cliente 20061220+dfsg3-4.1 contiene una vulnerabilidad de desbordamiento de b\u00fafer en el manejo del par\u00e1metro NAME de las conexiones FTP que permite a atacantes locales bloquear la aplicaci\u00f3n o ejecutar c\u00f3digo arbitrario. Los atacantes pueden proporcionar un valor NAME sobredimensionado que excede el b\u00fafer de 80 bytes asignado en strcpy_chk para sobrescribir el puntero de instrucci\u00f3n y ejecutar shellcode con privilegios de usuario."}], "id": "CVE-2016-20046", "lastModified": "2026-05-01T15:21:32.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-28T12:16:00.827", "references": [{"source": "disclosure@vulncheck.com", "url": "http://cernlib.web.cern.ch/cernlib/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/40203"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/zftp-client-20061220-dfsg3-local-buffer-overflow"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20061220+dfsg3-4.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "zftp_client", "vendor": "zftp"}], "analysis": {"en": {"generated_at": "2026-03-28T13:52:00.748746+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s patch or upgrade to a newer version of zFTP Client that contains the fix for the buffer overflow. ", "If an upgrade is not possible, restrict local access to the client executable and enforce least\u2011privilege user rights. ", "Monitor system logs for abnormal crashes or unexpected execution of unknown code associated with the FTP client."], "summary": {"action": "Immediate Patch", "impact": "Local Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the zFTP Client product from zFTP, specifically version 20061220+dfsg3-4.1. No other vendors or product versions are listed as affected.", "description_and_impact": "zFTP Client 20061220+dfsg3-4.1 contains a local buffer overflow in the handling of the NAME parameter for FTP connections. An attacker can supply an oversized NAME value that exceeds the 80\u2011byte buffer used in strcpy_chk, overwriting the instruction pointer and allowing the execution of arbitrary shellcode with the privileges of the user running the client. In addition to code execution, the overflow can cause the application to crash, resulting in a denial\u2011of\u2011service condition.", "risk_and_exploitability": "The CVSS score of 8.6 indicates high severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation. The attack vector is local; an attacker must be able to run the client or otherwise supply an oversized NAME value on the local system. Because arbitrary code can be executed with the client\u2019s user privileges, a compromised local account could gain elevated control within the scope of the application."}}}}, "created": "2026-03-29T20:32:25.373719+00:00", "updated": "2026-03-30T06:59:19.432667+00:00", "vendors": ["zftp", "zftp$PRODUCT$zftp_client"]}