6 matches found
CVE-2022-29154
CVE-2022-29154 affects rsync prior to 3.2.5, enabling a malicious server (or MITM) to cause the rsync client to write arbitrary files in the client’s directory tree (including sensitive files such as .ssh/authorized_keys). The issue arises from insufficient validation of filenames returned by the...
CVE-2024-12085
CVE-2024-12085 affects rsync; a flaw in checksum comparison allows an attacker to manipulate s2length, causing comparisons against uninitialized memory and leaking one byte of uninitialized stack data per interaction. The issue is rated HIGH (CVSS 3.1: 7.5) with network attack vector and no user ...
CVE-2018-5764
The CVE concerns rsyncd’s parse_arguments in options.c, where multiple uses of --protect-args are not prevented, allowing remote bypass of the argument-sanitization protection mechanism. Affects rsync prior to 3.1.3 (upstream) and various vendor advisories reference mitigation through upgrading t...
CVE-2002-0080
CVE-2002-0080 affects rsync when run in daemon mode: it does not call setgroups before dropping privileges, potentially letting local users inherit supplementary group privileges and read files they shouldn’t. The vulnerability is demonstrated across multiple advisories (Mandrake/MDKSA-2002:024, ...
CVE-2026-29518
Rsync
CVE-2026-45232
Rsync