Fedora 43 : rsync (2026-a04e445b3f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a04e445b3f advisory. New version 3.4.4 with multiple regression fixes. This update also fixes the following CVEs: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618...

Photon OS 4.0: Rsync PHSA-2026-4.0-1038

An update of the rsync package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1038. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RockyLinux 10 : rsync (RLSA-2026:26332)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26332 advisory. rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding CVE-2026-43618 rsync: TOCTOU symlink race condition allowing...

Photon OS 5.0: Rsync PHSA-2026-5.0-0885

An update of the rsync package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0885. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Important: rsync

Issue Overview: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outsi...

Security update for rsync (important)

openSUSE security update: security update for rsync ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20877-1 Rating: important References: bsc1254441 bsc1262223 bsc1264511 bsc1264512 bsc1264513 bsc1264514 bsc1264515 bsc1265296 Cross-References:...

CVE-2026-43618 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43618 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CLSA-2026-1779466465 rsync: Fix of CVE-2026-43618

CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...

CLSA-2026-1779369849 rsync: Fix of CVE-2026-43618

CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...

CLSA-2026-1779369649 rsync: Fix of CVE-2026-43618

CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...

CVE-2026-43618

creationtimestamp| type| source ---|---|--- 2026-05-20 03:01:26+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmaw3floka2w 2026-05-20 03:12:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmawptyklz2i 2026-05-20 04:18:43+00:00| seen|...

CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...