What is CVE-2016-20046?

CVE-2016-20046 is a high-severity vulnerability in Zftp Client, classified under Out-of-bounds Write. CVSS score: 8.4/10. Published 2026-03-28.

How severe is CVE-2016-20046?

High severity. CVSS v3 base score is 8.4 out of 10.

Buffer overflow in Zftp Client

CVE-2016-20046

zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAM…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (5.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Zftp Client — versions 20061220+dfsg3-4.1

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

ExploitDB-40203 (exploit)
Official Product Homepage (product)
VulnCheck Advisory: zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow (third-party-advisory)

Frequently asked questions

What is CVE-2016-20046?: CVE-2016-20046 is a high-severity vulnerability in Zftp Client, classified under Out-of-bounds Write. CVSS score: 8.4/10. Published 2026-03-28.
How severe is CVE-2016-20046?: High severity. CVSS v3 base score is 8.4 out of 10.