rpm package
almalinux/rsync-rrsync
pkg:rpm/almalinux/rsync-rrsync
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-29518 | Hig | 7.0 | < 3.4.4-1.el10_2 | 3.4.4-1.el10_2 | May 20, 2026 | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access | |
| CVE-2026-43618 | Hig | 8.1 | < 3.4.4-1.el10_2 | 3.4.4-1.el10_2 | May 20, 2026 | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outs | |
| CVE-2026-41035 | Hig | 7.4 | < 3.4.1-6.el10_2 | 3.4.1-6.el10_2 | Apr 16, 2026 | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are | |
| CVE-2025-10158 | Med | 4.3 | < 3.2.5-3.el9_7.2 | 3.2.5-3.el9_7.2 | Nov 18, 2025 | A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. | |
| CVE-2024-12747 | Med | 5.6 | < 3.2.5-3.el9 | 3.2.5-3.el9 | Jan 14, 2025 | A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was p | |
| CVE-2024-12088 | Med | 6.5 | < 3.2.5-3.el9 | 3.2.5-3.el9 | Jan 14, 2025 | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary fil | |
| CVE-2024-12087 | Med | 6.5 | < 3.2.5-3.el9 | 3.2.5-3.el9 | Jan 14, 2025 | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, | |
| CVE-2024-12086 | Med | 6.1 | < 3.2.5-7.el9_8 | 3.2.5-7.el9_8 | Jan 14, 2025 | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the cli |
- affected < 3.4.4-1.el10_2fixed 3.4.4-1.el10_2
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access
- affected < 3.4.4-1.el10_2fixed 3.4.4-1.el10_2
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outs
- affected < 3.4.1-6.el10_2fixed 3.4.1-6.el10_2
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are
- affected < 3.2.5-3.el9_7.2fixed 3.2.5-3.el9_7.2
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.
- affected < 3.2.5-3.el9fixed 3.2.5-3.el9
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was p
- affected < 3.2.5-3.el9fixed 3.2.5-3.el9
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary fil
- affected < 3.2.5-3.el9fixed 3.2.5-3.el9
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option,
- affected < 3.2.5-7.el9_8fixed 3.2.5-7.el9_8
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the cli