Lucene search

Samba Rsync

8 matches found

CVE
added 2022/08/02 3:15 p.m. | 567 views

CVE-2022-29154

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A mali...

CVSS 7.4 | AI score 7.7 | EPSS 0.00302

CVE
added 2025/01/14 6:15 p.m. | 260 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVSS 7.5 | AI score 7.5 | EPSS 0.01186

CVE
added 2018/01/17 10:29 p.m. | 201 views

CVE-2018-5764

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

CVSS 7.5 | AI score 7.4 | EPSS 0.07709

CVE
added 2025/01/14 6:15 p.m. | 136 views

CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the d...

CVSS 7.5 | AI score 8 | EPSS 0.0052

CVE
added 2025/01/14 6:15 p.m. | 110 views

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper symli...

CVSS 7.5 | AI score 6.5 | EPSS 0.00661

CVE
added 2021/05/27 8:15 p.m. | 96 views

CVE-2020-14387

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise co...

CVSS 7.4 | AI score 7 | EPSS 0.00141

CVE
added 2008/04/10 7:5 p.m. | 61 views

CVE-2008-1720

Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.

CVSS 7.5 | AI score 7.5 | EPSS 0.08442

CVE
added 2014/04/23 3:55 p.m. | 47 views

CVE-2014-2855

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

CVSS 7.8 | AI score 6.3 | EPSS 0.18317