8.1

CVE-2026-43618

Rsync < 3.4.3 Integer Overflow Information Disclosure

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaRsync Version <= 3.4.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.78% 0.513
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
disclosure@vulncheck.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
disclosure@vulncheck.com 6.1 0 0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
Release Notes
https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq
Vendor Advisory
https://www.vulncheck.com/advisories/rsync-integer-overflow-information-disclosure
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:26332
https://access.redhat.com/errata/RHSA-2026:26408
https://access.redhat.com/errata/RHSA-2026:26410
https://access.redhat.com/security/cve/CVE-2026-43618
https://bugzilla.redhat.com/show_bug.cgi?id=2469054
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43618.json