rpm package
opensuse/rsync&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/rsync&distro=openSUSE%20Tumbleweed
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-29518 | Hig | 7.0 | < 3.4.3-1.1 | 3.4.3-1.1 | May 20, 2026 | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access | |
| CVE-2026-45232 | Low | 3.1 | < 3.4.3-1.1 | 3.4.3-1.1 | May 20, 2026 | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by posit | |
| CVE-2026-43620 | Med | 6.5 | < 3.4.3-1.1 | 3.4.3-1.1 | May 20, 2026 | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility fl | |
| CVE-2026-43619 | Med | 6.3 | < 3.4.3-1.1 | 3.4.3-1.1 | May 20, 2026 | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported r | |
| CVE-2026-43618 | Hig | 8.1 | < 3.4.3-1.1 | 3.4.3-1.1 | May 20, 2026 | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outs | |
| CVE-2026-43617 | Med | 4.8 | < 3.4.3-1.1 | 3.4.3-1.1 | May 20, 2026 | Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, | |
| CVE-2026-41035 | Hig | 7.4 | < 3.4.1-5.1 | 3.4.1-5.1 | Apr 16, 2026 | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are | |
| CVE-2025-10158 | Med | 4.3 | < 3.4.1-4.1 | 3.4.1-4.1 | Nov 18, 2025 | A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. | |
| CVE-2024-12084 | — | < 3.4.1-1.1 | 3.4.1-1.1 | Jan 15, 2025 | A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buf | ||
| CVE-2024-12747 | Med | 5.6 | < 3.4.1-1.1 | 3.4.1-1.1 | Jan 14, 2025 | A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was p | |
| CVE-2024-12088 | Med | 6.5 | < 3.4.1-1.1 | 3.4.1-1.1 | Jan 14, 2025 | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary fil | |
| CVE-2024-12087 | Med | 6.5 | < 3.4.1-1.1 | 3.4.1-1.1 | Jan 14, 2025 | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, | |
| CVE-2024-12086 | Med | 6.1 | < 3.4.1-1.1 | 3.4.1-1.1 | Jan 14, 2025 | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the cli | |
| CVE-2024-12085 | Hig | 7.5 | < 3.4.1-1.1 | 3.4.1-1.1 | Jan 14, 2025 | A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a ti | |
| CVE-2022-37434 | — | < 3.2.5-1.1 | 3.2.5-1.1 | Aug 5, 2022 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable t | ||
| CVE-2022-29154 | — | < 3.2.4-3.1 | 3.2.4-3.1 | Aug 2, 2022 | An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of | ||
| CVE-2020-14387 | — | < 3.2.3-2.6 | 3.2.3-2.6 | May 27, 2021 | A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which | ||
| CVE-2018-5764 | Hig | 7.5 | < 3.2.3-2.6 | 3.2.3-2.6 | Jan 17, 2018 | The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. | |
| CVE-2017-16548 | Cri | 9.8 | < 3.2.3-2.6 | 3.2.3-2.6 | Nov 6, 2017 | The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified o | |
| CVE-2014-8242 | — | < 3.1.2-1.5 | 3.1.2-1.5 | Oct 26, 2015 | librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. |
- affected < 3.4.3-1.1fixed 3.4.3-1.1
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access
- affected < 3.4.3-1.1fixed 3.4.3-1.1
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by posit
- affected < 3.4.3-1.1fixed 3.4.3-1.1
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility fl
- affected < 3.4.3-1.1fixed 3.4.3-1.1
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported r
- affected < 3.4.3-1.1fixed 3.4.3-1.1
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outs
- affected < 3.4.3-1.1fixed 3.4.3-1.1
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address,
- affected < 3.4.1-5.1fixed 3.4.1-5.1
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are
- affected < 3.4.1-4.1fixed 3.4.1-4.1
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.
- CVE-2024-12084Jan 15, 2025affected < 3.4.1-1.1fixed 3.4.1-1.1
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buf
- affected < 3.4.1-1.1fixed 3.4.1-1.1
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was p
- affected < 3.4.1-1.1fixed 3.4.1-1.1
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary fil
- affected < 3.4.1-1.1fixed 3.4.1-1.1
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option,
- affected < 3.4.1-1.1fixed 3.4.1-1.1
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the cli
- affected < 3.4.1-1.1fixed 3.4.1-1.1
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a ti
- CVE-2022-37434Aug 5, 2022affected < 3.2.5-1.1fixed 3.2.5-1.1
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable t
- CVE-2022-29154Aug 2, 2022affected < 3.2.4-3.1fixed 3.2.4-3.1
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of
- CVE-2020-14387May 27, 2021affected < 3.2.3-2.6fixed 3.2.3-2.6
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which
- affected < 3.2.3-2.6fixed 3.2.3-2.6
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
- affected < 3.2.3-2.6fixed 3.2.3-2.6
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified o
- CVE-2014-8242Oct 26, 2015affected < 3.1.2-1.5fixed 3.1.2-1.5
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.
Page 1 of 2