Description
zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.
Published: 2026-03-28
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Code Execution
Action: Immediate Patch
AI Analysis

Impact

zFTP Client 20061220+dfsg3-4.1 contains a local buffer overflow in the handling of the NAME parameter for FTP connections. An attacker can supply an oversized NAME value that exceeds the 80‑byte buffer used in strcpy_chk, overwriting the instruction pointer and allowing the execution of arbitrary shellcode with the privileges of the user running the client. In addition to code execution, the overflow can cause the application to crash, resulting in a denial‑of‑service condition.
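The fix for this class of bug is to refuse, rather than copy, a NAME value that does not fit the fixed buffer. The C below is an added illustration written for this page, not zFTP's code (which is not reproduced here): the struct, buffer name and function name are assumptions; only the 80-byte buffer size comes from the advisory.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the advisory describes an 80-byte buffer that the NAME
 * value is copied into with strcpy, with no length check. */
#define NAME_BUF_SIZE 80

struct ftp_connection {
    char name[NAME_BUF_SIZE];
};

/* Bounded replacement for the unchecked strcpy. Returns 0 on success and
 * -1 (errno = ENAMETOOLONG, buffer left untouched) when the value plus its
 * terminating NUL would not fit. strnlen stops scanning at the buffer
 * size, so an oversized value is never walked in full. */
int set_connection_name(struct ftp_connection *conn, const char *value)
{
    size_t len = strnlen(value, NAME_BUF_SIZE);
    if (len >= NAME_BUF_SIZE) {      /* 79 bytes of text + NUL is the maximum */
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(conn->name, value, len + 1);  /* copies the NUL as well */
    return 0;
}

int main(void)
{
    struct ftp_connection conn;
    char oversized[200];

    memset(&conn, 0, sizeof conn);
    memset(oversized, 'A', sizeof oversized - 1);   /* constructed input */
    oversized[sizeof oversized - 1] = '\0';

    printf("short name: %d\n", set_connection_name(&conn, "ftp.example.test"));
    printf("oversized name: %d (%s)\n", set_connection_name(&conn, oversized),
           strerror(errno));
    printf("buffer still holds: %s\n", conn.name);
    return 0;
}
```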

Affected Systems

The vulnerability affects the zFTP Client product from zFTP, specifically version 20061220+dfsg3-4.1. No other vendors or product versions are listed as affected.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation. The attack vector is local; an attacker must be able to run the client or otherwise supply an oversized NAME value on the local system. Because arbitrary code can be executed with the client’s user privileges, a compromised local account could gain elevated control within the scope of the application.

Generated by OpenCVE AI on March 28, 2026 at 13:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or upgrade to a newer version of zFTP Client that contains the fix for the buffer overflow.
  • If an upgrade is not possible, restrict local access to the client executable and enforce least‑privilege user rights.
  • Monitor system logs for abnormal crashes or unexpected execution of unknown code associated with the FTP client.

Generated by OpenCVE AI on March 28, 2026 at 13:52 UTC.


Advisories

No advisories yet.

History

Mon, 30 Mar 2026 07:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Zftp; Zftp zftp Client
Vendors & Products | | Zftp; Zftp zftp Client

Sat, 28 Mar 2026 12:15:00 +0000

Type | Values Removed | Values Added
Description | | zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.
Title | | zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
 | | cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Zftp Zftp Client
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-28T11:58:06.907Z

Reserved: 2026-03-28T11:39:30.497Z

Link: CVE-2016-20046

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-03-28T12:16:00.827

Modified: 2026-03-30T13:26:07.647

Link: CVE-2016-20046

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T06:59:19Z

Weaknesses