rpm package
suse/rsync&distro=SUSE Linux Micro 6.0
pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Micro%206.0
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-10158 | Med | 4.3 | < 3.2.7-5.1 | 3.2.7-5.1 | Nov 18, 2025 | A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. | |
| CVE-2024-12084 | — | < 3.2.7-4.1 | 3.2.7-4.1 | Jan 15, 2025 | A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buf | ||
| CVE-2024-12747 | Med | 5.6 | < 3.2.7-4.1 | 3.2.7-4.1 | Jan 14, 2025 | A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was p | |
| CVE-2024-12088 | Med | 6.5 | < 3.2.7-4.1 | 3.2.7-4.1 | Jan 14, 2025 | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary fil | |
| CVE-2024-12087 | Med | 6.5 | < 3.2.7-4.1 | 3.2.7-4.1 | Jan 14, 2025 | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, | |
| CVE-2024-12086 | Med | 6.1 | < 3.2.7-4.1 | 3.2.7-4.1 | Jan 14, 2025 | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the cli | |
| CVE-2024-12085 | Hig | 7.5 | < 3.2.7-4.1 | 3.2.7-4.1 | Jan 14, 2025 | A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a ti |
- affected < 3.2.7-5.1fixed 3.2.7-5.1
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.
- CVE-2024-12084Jan 15, 2025affected < 3.2.7-4.1fixed 3.2.7-4.1
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buf
- affected < 3.2.7-4.1fixed 3.2.7-4.1
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was p
- affected < 3.2.7-4.1fixed 3.2.7-4.1
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary fil
- affected < 3.2.7-4.1fixed 3.2.7-4.1
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option,
- affected < 3.2.7-4.1fixed 3.2.7-4.1
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the cli
- affected < 3.2.7-4.1fixed 3.2.7-4.1
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a ti