CVE-2016-20046
Published: 28 March 2026
Summary
CVE-2016-20046 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Cern (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It ranks at the 4.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2016-20046 is a buffer overflow vulnerability (CWE-787) in zFTP Client version 20061220+dfsg3-4.1, affecting the handling of the NAME parameter in FTP connections. The flaw occurs when an oversized NAME value exceeds the 80-byte buffer allocated in strcpy_chk, enabling attackers to overwrite the instruction pointer and execute arbitrary code or crash the application.
Local attackers can exploit this vulnerability with low complexity and without privileges or user interaction, as reflected in its CVSS 3.1 score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By supplying an oversized NAME value during an FTP connection, they can crash the application or execute arbitrary code with the privileges of the user running zFTP Client, compromising confidentiality, integrity, and availability.
Advisories detail the issue at https://www.vulncheck.com/advisories/zftp-client-20061220-dfsg3-local-buffer-overflow, with a proof-of-concept exploit available at https://www.exploit-db.com/exploits/40203. Additional context on the software appears at http://cernlib.web.cern.ch/cernlib/. No patches or specific mitigations are mentioned in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-10847
Vulnerability details
zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local buffer overflow in FTP client enables arbitrary code execution via oversized NAME parameter (CWE-787), directly mapping to client-side exploitation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly prevents the buffer overflow by requiring validation of oversized NAME parameter inputs exceeding the 80-byte buffer before processing with strcpy_chk.
Implements memory protections like ASLR and non-executable memory to block arbitrary code execution even if the buffer overflow occurs.
Requires timely identification, reporting, and remediation of flaws like this buffer overflow vulnerability through patching or software replacement.
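The input validation described above for the NAME parameter, sketched in C as an added example; it is not zFTP or CERNLIB code, which this page does not show. The function names, status codes and the printable-ASCII policy are assumptions; only the 80-byte buffer size comes from the advisory text.

```c
#include <stddef.h>
#include <string.h>

#define NAME_BUF_SIZE 80  /* buffer size given in the advisory text */

/* Hypothetical status codes for this example. */
enum name_status { NAME_OK = 0, NAME_MISSING = -1, NAME_TOO_LONG = -2, NAME_BAD_BYTE = -3 };

/* Unsafe pattern, for contrast: the number of bytes written is decided by
 * the input, not by the destination, so a NAME of 80+ bytes runs past dst. */
void copy_name_unchecked(char dst[NAME_BUF_SIZE], const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: validate while measuring, copy only on success.
 * Oversized input is rejected rather than truncated, so the caller never
 * continues with a silently altered NAME. dst (assumed non-NULL) is left
 * as an empty string on every failure path. */
enum name_status copy_name_checked(char dst[NAME_BUF_SIZE], const char *src)
{
    size_t len;

    dst[0] = '\0';
    if (src == NULL)
        return NAME_MISSING;

    for (len = 0; src[len] != '\0'; len++) {
        unsigned char c = (unsigned char)src[len];

        /* Index 79 must hold the terminator, so a non-NUL byte there
         * means the input does not fit. Stops reading src at that point. */
        if (len >= NAME_BUF_SIZE - 1)
            return NAME_TOO_LONG;
        /* Assumed policy: printable ASCII only (0x20..0x7e). */
        if (c < 0x20 || c > 0x7e)
            return NAME_BAD_BYTE;
    }

    memcpy(dst, src, len + 1);  /* len + 1 <= NAME_BUF_SIZE, terminator included */
    return NAME_OK;
}
```

Rejecting at the boundary covers the validation control; the memory protections listed alongside it remain a separate layer for code paths that are not validated.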