rpm package
suse/rsync&distro=SUSE Enterprise Storage 7.1
pkg:rpm/suse/rsync&distro=SUSE%20Enterprise%20Storage%207.1
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-12747 | Medium | 5.6 | | < 3.2.3-150000.4.33.1 | 3.2.3-150000.4.33.1 | Jan 14, 2025 | A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was p |
| CVE-2024-12088 | Medium | 6.5 | | < 3.2.3-150000.4.33.1 | 3.2.3-150000.4.33.1 | Jan 14, 2025 | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary fil |
| CVE-2024-12087 | Medium | 6.5 | | < 3.2.3-150000.4.33.1 | 3.2.3-150000.4.33.1 | Jan 14, 2025 | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, |
| CVE-2024-12086 | Medium | 6.1 | | < 3.2.3-150000.4.33.1 | 3.2.3-150000.4.33.1 | Jan 14, 2025 | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the cli |
| CVE-2024-12085 | High | 7.5 | | < 3.2.3-150000.4.33.1 | 3.2.3-150000.4.33.1 | Jan 14, 2025 | A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a ti |
| CVE-2022-29154 | — | | | < 3.2.3-150000.4.23.2 | 3.2.3-150000.4.23.2 | Aug 2, 2022 | An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of |
| CVE-2020-14387 | — | | | < 3.2.3-150000.4.23.2 | 3.2.3-150000.4.23.2 | May 27, 2021 | A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which |