Search CVE reports
11 – 20 of 32 results
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificates, resulting in a host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rsync | — | — | Not affected | Not affected |
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rsync | — | — | — | — |
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
5 affected packages
rsync, zlib, mariadb-10.3, mariadb-10.6, klibc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rsync | Not affected | Not affected | Fixed | Fixed |
zlib | Fixed | Fixed | Fixed | Fixed |
mariadb-10.3 | — | Not in release | Fixed | Not in release |
mariadb-10.6 | Not in release | Fixed | Not in release | Not in release |
klibc | Fixed | Fixed | Fixed | Fixed |
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rsync | — | — | — | — |
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure,...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rsync | — | — | — | — |
Some fixes available 3 of 4
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rsync | — | — | — | — |
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rsync | — | — | — | Not affected |
Some fixes available 16 of 30
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
4 affected packages
rsync, zlib, klibc, zsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rsync | Fixed | Fixed | Fixed | Fixed |
zlib | Not affected | Not affected | Not affected | Not affected |
klibc | Needs evaluation | Not affected | Not affected | Not affected |
zsync | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 16 of 30
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
4 affected packages
zlib, rsync, klibc, zsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
zlib | Not affected | Not affected | Not affected | Not affected |
rsync | Fixed | Fixed | Fixed | Fixed |
klibc | Needs evaluation | Not affected | Not affected | Not affected |
zsync | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 25 of 36
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
4 affected packages
rsync, zlib, klibc, zsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rsync | Fixed | Fixed | Fixed | Fixed |
zlib | Not affected | Not affected | Not affected | Not affected |
klibc | Fixed | Fixed | Fixed | Fixed |
zsync | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |