Critical severity 9.8 · NVD Advisory · Published Nov 6, 2017 · Updated Jun 17, 2026
CVE-2017-16548
Description
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
Affected products
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- osv-coords (10 versions):
  - pkg:rpm/opensuse/rsync&distro=openSUSE%20Tumbleweed (no CPE), range: < 3.2.3-2.6
  - pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 (no CPE), range: < 3.1.0-13.7.1
  - pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (no CPE), range: < 3.1.0-13.7.1
  - pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 3.0.4-2.53.3.1
  - pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 (no CPE), range: < 3.1.0-13.7.1
  - pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (no CPE), range: < 3.1.0-13.7.1
  - pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 (no CPE), range: < 3.1.0-13.7.1
  - pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 3.0.4-2.53.3.1
  - pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 3.1.0-13.7.1
  - pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 3.1.0-13.7.1
References
- lists.debian.org/debian-lts-announce/2017/12/msg00020.html (nvd, Third Party Advisory)
- usn.ubuntu.com/3543-1/ (nvd, Third Party Advisory)
- usn.ubuntu.com/3543-2/ (nvd, Third Party Advisory)
- www.debian.org/security/2017/dsa-4068 (nvd, Third Party Advisory)
- bugzilla.samba.org/show_bug.cgi (nvd, Issue Tracking)
- git.samba.org/rsync.git/ (nvd)