15 matches found
PT-2026-42153
Name of the Vulnerable Software and Affected Versions: rsync versions prior to 3.4.3. Description: A time-of-check to time-of-use (TOCTOU) race condition exists in the daemon file handling. This occurs when an rsync daemon is configured with the chroot setting set to false. A local attacker with write...
Linux Distros Unpatched Vulnerability : CVE-2026-45232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection function in socket.c that allows netwo...
AlmaLinux 8 : rsync (ALSA-2026:17481)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:17481 advisory. rsync: Rsync: Use-after-free vulnerability in extended attribute handling (CVE-2026-41035). Tenable has extracted the preceding description block directly from the...
Fedora 44 : rsync (2026-75599531db)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-75599531db advisory. Fixing various bugs from Upstream. I did not do a rebase since the Upstream stopped supporting the rsync-patches repo. I accepted this change in Rawhide but ...
rsync: Rsync: Use-after-free vulnerability in extended attribute handling
A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receive_xattr function incorrectly processes an untrusted length value during a sorting operation...
MiracleLinux 9 : rsync-3.2.5-3.el9_7.2 (AXSA:2026-396:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-396:01 advisory. rsync: Rsync: Out of bounds array access via negative index (CVE-2025-10158). Tenable has extracted the preceding description block directly from the MiracleLinu...
EulerOS 2.0 SP10 : rsync (EulerOS-SA-2026-1349)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array...
EulerOS 2.0 SP11 : rsync (EulerOS-SA-2026-1592)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array...
EulerOS 2.0 SP12 : rsync (EulerOS-SA-2026-1379)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array...
Rsync buffer error vulnerability
Rsync is a fast and versatile file copying tool open-sourced by RsyncProject. It is used for remote files and local files. Rsync suffers from a buffer error vulnerability that stems from improper file checksum comparisons, which allows an attacker to manipulate the length of the checksum value an...
rsync input validation error vulnerability
rsync is an open source utility program by Wayne Davison, an individual developer, that provides fast incremental file transfers. A security vulnerability exists in versions prior to rsync 3.2.5 that stems from insufficient validation of filenames by the rsync client...
rsync access restriction bypass vulnerability (CNVD-2018-00212)
rsync is a data mirroring backup application for Unix-like systems developed by Australian software developers Andrew Tridgell and Paul Mackerras that synchronizes file and directory updates between two computers and uses differential encoding to reduce data transfers. A security vulnerability in...
The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the rsync package in the OpenSUSE operating system can lead to breaches of the confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Gentoo Linux operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the rsync package up to version 2.6.9-r6 in the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal. Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Remediation: There is no fixed version f...