CVE-2016-20046

Name of the Vulnerable Software and Affected Versions zFTP Client version 20061220+dfsg3-4.1

Description A buffer overflow occurs during the handling of the NAME parameter in FTP connections. A local attacker can provide an oversized NAME value that exceeds the 80-byte buffer allocated in the strcpy chk() function, allowing them to overwrite the instruction pointer and execute shellcode with user privileges or cause the application to crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.