VYPR

Rsync

by Rsync

Source repositories

CVEs (35)

  • CVE-2017-17434CriDec 6, 2017
    risk 0.64cvss 9.8epss 0.03

    The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in…

  • CVE-2017-16548CriNov 6, 2017
    risk 0.64cvss 9.8epss 0.05

    The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified…

  • CVE-2017-15994CriOct 29, 2017
    risk 0.64cvss 9.8epss 0.01

    rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use…

  • CVE-2018-5764HigJan 17, 2018
    risk 0.49cvss 7.5epss 0.06

    The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

  • CVE-2026-43618HigMay 20, 2026
    risk 0.46cvss 8.1epss 0.01

    Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from…

  • CVE-2024-12087MedJan 14, 2025
    risk 0.43cvss 6.5epss 0.02

    A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive`…

  • CVE-2024-12088MedJan 14, 2025
    risk 0.42cvss 6.5epss 0.05

    A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary…

  • CVE-2026-41035HigApr 16, 2026
    risk 0.41cvss 7.4epss 0.00

    In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are…

  • CVE-2024-12086MedJan 14, 2025
    risk 0.40cvss 6.1epss 0.02

    A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the…

  • CVE-2026-29518HigMay 20, 2026
    risk 0.39cvss 7.0epss 0.00

    Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access…

  • CVE-2024-12747MedJan 14, 2025
    risk 0.36cvss 5.6epss 0.00

    A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was…

  • CVE-2026-43620MedMay 20, 2026
    risk 0.35cvss 6.5epss 0.01

    Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility…

  • CVE-2026-43619MedMay 20, 2026
    risk 0.34cvss 6.3epss 0.00

    Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported…

  • CVE-2026-43617MedMay 20, 2026
    risk 0.24cvss 4.8epss 0.00

    Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP…

  • CVE-2017-17433LowDec 6, 2017
    risk 0.24cvss 3.7epss 0.02

    The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended…

  • CVE-2025-10158MedNov 18, 2025
    risk 0.21cvss 4.3epss 0.00

    A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.

  • CVE-2026-45232LowMay 20, 2026
    risk 0.13cvss 3.1epss 0.00

    Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by…

  • CVE-2002-0048Feb 27, 2002
    risk 0.06cvss epss 0.34

    Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.

  • CVE-2004-2093Feb 9, 2004
    risk 0.03cvss epss 0.01

    Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not…

  • CVE-2003-0962Dec 15, 2003
    risk 0.02cvss epss 0.21

    Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

Page 1 of 2