24 matches found
CVE-2022-29154
CVE-2022-29154 affects rsync prior to 3.2.5, enabling a malicious server (or MITM) to cause the rsync client to write arbitrary files in the client’s directory tree (including sensitive files such as .ssh/authorized_keys). The issue arises from insufficient validation of filenames returned by the...
CVE-2024-12085
CVE-2024-12085 affects rsync; a flaw in checksum comparison allows an attacker to manipulate s2length, causing comparisons against uninitialized memory and leaking one byte of uninitialized stack data per interaction. The issue is rated HIGH (CVSS 3.1: 7.5) with network attack vector and no user ...
CVE-2018-5764
The CVE concerns rsyncd’s parse_arguments in options.c, where multiple uses of --protect-args are not prevented, allowing remote bypass of the argument-sanitization protection mechanism. Affects rsync prior to 3.1.3 (upstream) and various vendor advisories reference mitigation through upgrading t...
CVE-2024-12088
CVE-2024-12088 is a path-traversal vulnerability in rsync when using --safe-links, arising from improper verification of symbolic-link destinations on the server side, potentially allowing writes outside the target directory. Concrete remediation details appear in multiple connected advisories: C...
CVE-2024-12087
CVE-2024-12087 affects rsync and is described in connected advisories as a path traversal vulnerability triggered by the --inc-recursive behavior, arising from insufficient symlink verification and per-file-list deduplication checks. The result could allow a server to write files outside the clie...
CVE-2017-16548
The CVE-2017-16548 issue affects rsync 3.1.2 and 3.1.3-development: receive_xattr does not validate a trailing null in xattr names, allowing a remote attacker to cause a heap-based buffer over-read and crash the daemon. Evidence from multiple advisories confirms a denial-of-service/possible impac...
CVE-2024-12084
CVE-2024-12084: Rsync daemon heap-based buffer overflow caused by improper handling of attacker-controlled checksum lengths (s2length). When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an out-of-bounds write to sum2 is possible. Public advisories confirm this bug affects rsync version...
CVE-2024-12086
The CVE-2024-12086 entry concerns rsync. A flaw in rsync’s checksum-based comparison during client→server file transfer can enable a server to enumerate contents of files on the client by sending crafted checksum values and analyzing responses. The connected documents confirm rsync is affected an...
CVE-2017-17433
CVE-2017-17433 affects rsync 3.1.2 and 3.1.3-development prior to 2017-11/12; the daemon’s receive path (recv_files in receiver.c) updates file metadata before verifying the filename against the daemon_filter_list, allowing remote attackers to bypass access restrictions. Related advisories note t...
CVE-2017-17434
The CVE-2017-17434 issue affects rsync 3.1.2 and 3.1.3-development prior to 2017-12-03. The daemon can bypass access restrictions by not checking fnamecmp filenames in daemon_filter_list and by not applying sanitize_paths to pathnames in "xname follows" strings (read_ndx_and_attrs in rsync.c). Re...
CVE-2026-41035
CVE-2026-41035 affects rsync versions 3.0.1 through 3.4.1. The vulnerability stems from receive_xattr using an untrusted length value during a qsort, causing a receiver use-after-free when the -X/--xattrs option is used. Impact is described as low for confidentiality/integrity/availability, with ...
CVE-2014-9512
CVE-2014-9512 affects rsync 3.1.1, enabling a remote attacker to write arbitrary files via a symlink attack during synchronization. The vulnerability is caused by improper handling of symlinks in the transfer/path, allowing modification of files on the target host. Multiple connected sources refe...
CVE-2020-14387
CVE-2020-14387 affects rsync 3.2.0pre1 up to 3.2.4, where rsync-ssl hostname verification is broken in OpenSSL mode. This allows a remote, unauthenticated attacker with a valid certificate for another hostname to perform a man-in-the-middle and potentially compromise confidentiality and integrity...
CVE-2017-15994
CVE-2017-15994 affects the rsync project; specifically the development branch up to 2017-10-24 (3.1.3-development) where archaic checksums are mishandled. This vulnerability can allow remote attackers to bypass intended access restrictions by manipulating checksum-related logic in rsync, as descr...
CVE-2011-1097
CVE-2011-1097 affects rsync 3.x before 3.0.8, where specific recursion, deletion, and ownership options enable a remote rsync server to trigger heap memory corruption, causing a Denial of Service or potentially allow arbitrary code execution via malformed data. The connected details corroborate t...
CVE-2008-1720
CVE-2008-1720 concerns rsync, where a buffer/overflow issue in rsync 2.6.9–3.0.1 with extended attribute support enabled can allow a remote attacker to execute arbitrary code or crash. Public sources attribute the overflow to handling of ACLs/xattr, enabling remote code execution or instability u...
CVE-2002-0080
CVE-2002-0080 affects rsync when run in daemon mode: it does not call setgroups before dropping privileges, potentially letting local users inherit supplementary group privileges and read files they shouldn’t. The vulnerability is demonstrated across multiple advisories (Mandrake/MDKSA-2002:024, ...
CVE-2014-2855
CVE-2014-2855 affects rsync up to version 3.1.0. The vulnerability resides in check_secret() in authenticate.c, where a username not present in the secrets file can trigger an infinite loop and CPU denial of service. Multiple advisories confirm the issue and reference the affected rsync, with pat...
CVE-2026-43618
Rsync
CVE-2026-29518
Rsync
CVE-2026-43617
CVE-2026-43617 affects rsync
CVE-2026-43620
Rsync 3.4.2 and earlier are affected by a receiver-side out-of-bounds array read in recv_files() (receiver.c). The underlying cause is a mismanaged pointer array leading to an 8-byte read before the allocated array, allowing a crafted file list (with CF_INC_RECURSE enabled, first sorted entry not...
CVE-2026-43619
Rsync
CVE-2026-45232
Rsync