26 matches found
Important: rsync
Issue Overview: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outsi...
Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2026-1801)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1801 advisory. Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger...
Amazon Linux 2 : rsync, --advisory ALAS2-2026-3332 (ALAS-2026-3332)
The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3332 advisory. Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counte...
CLSA-2026-1779466465 rsync: Fix of CVE-2026-43618
CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...
CLSA-2026-1779455173 Fix CVE(s): CVE-2026-43618
SECURITY UPDATE: integer overflow in compressed-token decoder allows memory disclosure to a malicious sender - debian/patches/CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX and add overflow checks in recvcompressedtokennum/run; add CHUNKSIZE bound check in simplerecvtoken; initialize data=NUL...
CLSA-2026-1779438231 rsync: Fix of CVE-2026-43618
CVE-2026-43618: fix integer overflow in compressed-token decoder allowing memory disclosure via crafted compressed stream...
SUSE CVE-2026-43618
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
CLSA-2026-1779369622 rsync: Fix of CVE-2026-43618
CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...
CLSA-2026-1779369352 Fix CVE(s): CVE-2026-43618
SECURITY UPDATE: integer overflow in compressed-token decoder - debian/patches/CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX and reject over-long simplerecvtoken literal chunks to prevent remote memory disclosure via crafted compressed stream - CVE-2026-43618...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the compressed-token decoder process. An attacker can access sensitive memory contents, including environment variables, passwords, heap and stack data, and library memory pointers, by sending speciall...
CVE-2026-43618
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
ALPINE-CVE-2026-43618
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
DEBIAN-CVE-2026-43618
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
CVE-2026-43618
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
CVE-2026-43618
Rsync
EUVD-2026-31011
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
PT-2026-42052
Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description An integer overflow exists in the compressed-token decoder due to a 32-bit signed counter that is not checked for overflow. A malicious sender can trigger this overflow, causing the receiver process to...
CVE-2026-43618
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
Spring Security has Potential Security Misconfiguration when Using withIssuerLocation
Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator. This issue affects Spring Security: from 6.3.0 through 6.3.14, from...
GHSA-CVC6-Q2CP-2XHW Spring Security has Potential Security Misconfiguration when Using withIssuerLocation
Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator. This issue affects Spring Security: from 6.3.0 through 6.3.14, from...