Search CVE reports
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
1 affected package
rsync
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rsync | — | — | — | — | — |
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply...
1 affected package
rsync
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rsync | — | — | — | — | — |
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure,...
1 affected package
rsync
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rsync | — | — | — | — | — |
Some fixes available 3 of 4
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and...
1 affected package
rsync
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rsync | — | — | — | — | — |
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync...
1 affected package
rsync
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rsync | — | — | — | — | Not affected |
Some fixes available 27 of 42
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
4 affected packages
rsync, zlib, zsync, klibc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rsync | Fixed | Fixed | Fixed | Fixed | Fixed |
| zlib | Not affected | Not affected | Not affected | Not affected | Not affected |
| zsync | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| klibc | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 18 of 32
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
4 affected packages
zlib, rsync, klibc, zsync
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| zlib | Not affected | Not affected | Not affected | Not affected | Not affected |
| rsync | Fixed | Fixed | Fixed | Fixed | Fixed |
| klibc | Not affected | Not affected | Not affected | Not affected | Not affected |
| zsync | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 29 of 42
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
4 affected packages
rsync, zlib, klibc, zsync
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rsync | Fixed | Fixed | Fixed | Fixed | Fixed |
| zlib | Not affected | Not affected | Not affected | Not affected | Not affected |
| klibc | Fixed | Fixed | Fixed | Fixed | Fixed |
| zsync | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 29 of 42
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
4 affected packages
zlib, rsync, klibc, zsync
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| zlib | Not affected | Not affected | Not affected | Not affected | Not affected |
| rsync | Fixed | Fixed | Fixed | Fixed | Fixed |
| klibc | Fixed | Fixed | Fixed | Fixed | Fixed |
| zsync | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.
1 affected package
librsync
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| librsync | Not affected | Not affected | Not affected | Not affected | Vulnerable |