rpm package
suse/rsync&distro=SUSE Linux Enterprise Server 16.0
pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-29518 | Hig | 7.0 | < 3.4.1-160000.4.1 | 3.4.1-160000.4.1 | May 20, 2026 | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access | |
| CVE-2026-45232 | Low | 3.1 | < 3.4.1-160000.4.1 | 3.4.1-160000.4.1 | May 20, 2026 | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by posit | |
| CVE-2026-43620 | Med | 6.5 | < 3.4.1-160000.4.1 | 3.4.1-160000.4.1 | May 20, 2026 | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility fl | |
| CVE-2026-43619 | Med | 6.3 | < 3.4.1-160000.4.1 | 3.4.1-160000.4.1 | May 20, 2026 | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported r | |
| CVE-2026-43618 | Hig | 8.1 | < 3.4.1-160000.4.1 | 3.4.1-160000.4.1 | May 20, 2026 | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outs | |
| CVE-2026-43617 | Med | 4.8 | < 3.4.1-160000.4.1 | 3.4.1-160000.4.1 | May 20, 2026 | Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, | |
| CVE-2026-41035 | Hig | 7.4 | < 3.4.1-160000.4.1 | 3.4.1-160000.4.1 | Apr 16, 2026 | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are | |
| CVE-2025-10158 | Med | 4.3 | < 3.4.1-160000.4.1 | 3.4.1-160000.4.1 | Nov 18, 2025 | A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. |
- affected < 3.4.1-160000.4.1fixed 3.4.1-160000.4.1
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access
- affected < 3.4.1-160000.4.1fixed 3.4.1-160000.4.1
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by posit
- affected < 3.4.1-160000.4.1fixed 3.4.1-160000.4.1
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility fl
- affected < 3.4.1-160000.4.1fixed 3.4.1-160000.4.1
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported r
- affected < 3.4.1-160000.4.1fixed 3.4.1-160000.4.1
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outs
- affected < 3.4.1-160000.4.1fixed 3.4.1-160000.4.1
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address,
- affected < 3.4.1-160000.4.1fixed 3.4.1-160000.4.1
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are
- affected < 3.4.1-160000.4.1fixed 3.4.1-160000.4.1
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.