- EPSS 0.15%
- Veröffentlicht 20.05.2026 13:16:17
- Zuletzt bearbeitet 30.06.2026 03:18:08
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links...
CVE-2026-43617
- EPSS 0.28%
- Veröffentlicht 20.05.2026 00:52:38
- Zuletzt bearbeitet 21.05.2026 20:54:29
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record...
CVE-2026-43618
- EPSS 0.78%
- Veröffentlicht 20.05.2026 00:50:21
- Zuletzt bearbeitet 30.06.2026 03:19:47
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to ...
CVE-2026-43619
- EPSS 0.14%
- Veröffentlicht 20.05.2026 00:49:14
- Zuletzt bearbeitet 21.05.2026 20:42:47
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations t...
CVE-2026-43620
- EPSS 0.5%
- Veröffentlicht 20.05.2026 00:47:57
- Zuletzt bearbeitet 21.05.2026 20:47:19
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_I...
CVE-2026-45232
- EPSS 0.34%
- Veröffentlicht 20.05.2026 00:45:28
- Zuletzt bearbeitet 21.05.2026 20:52:56
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attac...
CVE-2026-41035
- EPSS 0.39%
- Veröffentlicht 16.04.2026 07:16:31
- Zuletzt bearbeitet 02.07.2026 12:17:14
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulner...
CVE-2024-12084
- EPSS 72.06%
- Veröffentlicht 15.01.2025 15:15:10
- Zuletzt bearbeitet 29.06.2026 21:16:29
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write...
CVE-2024-12085
- EPSS 9.35%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 29.06.2026 21:16:30
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of un...
CVE-2024-12088
- EPSS 4.58%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 30.06.2026 00:16:48
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, w...