Sebastian Krahmer discovered that rsync contained an off-by-one
miscalculation when handling certain file paths. By creating a specially
crafted tree of files and tricking an rsync server into processing them,
a remote attacker could write a single NULL to stack memory, possibly
leading to arbitrary code execution.