pkg:Alpine/rsync

20 total CVEsCRITICAL3HIGH8MEDIUM6LOW2

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2024-12084rsync - security update
    from 0, < 3.4.0-r0
  • CRITICAL9.8CVE-2017-17434The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data st…
    from 0, < 3.1.2-r7
  • CRITICAL9.8CVE-2017-16548rsync - security update
    from 0, < 3.1.2-r7
  • HIGH8.1CVE-2026-43618Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is no…
    from 0, < 3.4.3-r0
  • HIGH7.8CVE-2026-41035In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free.
    from 0, < 3.4.1-r2
  • HIGH7.5CVE-2024-12088A flaw was found in rsync.
    from 0, < 3.4.0-r0
  • HIGH7.5CVE-2024-12087A path traversal vulnerability exists in rsync.
    from 0, < 3.4.0-r0
  • HIGH7.5CVE-2024-12085rsync - security update
    from 0, < 3.4.0-r0
  • HIGH7.5CVE-2018-5764rsync - security update
    from 0, < 3.1.3-r0
  • HIGH7.4CVE-2022-29154An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of conne…
    from 0, < 3.2.4-r0
  • HIGH7.4CVE-2020-14387A flaw was found in rsync in versions since 3.2.0pre1.
    from 0, < 3.2.4-r0
  • MEDIUM6.8CVE-2024-12086A flaw was found in rsync.
    from 0, < 3.4.0-r0
  • MEDIUM6.3CVE-2026-43619Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, re…
    from 0, < 3.4.3-r0
  • MEDIUM5.6CVE-2024-12747A flaw was found in rsync.
    from 0, < 3.4.0-r0
  • MEDIUM5.5CVE-2026-43620Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a ma…
    from 0, < 3.4.3-r0
  • MEDIUM4.8CVE-2026-43617Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforc…
    from 0, < 3.4.3-r0
  • MEDIUM4.3CVE-2025-10158A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negativ…
    from 0, < 3.4.1-r1
  • LOW3.7CVE-2026-45232Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…
    from 0, < 3.4.3-r0
  • LOW3.7CVE-2017-17433The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file met…
    from 0, < 3.1.2-r7
  • CVE-2026-29518Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to…
    from 0, < 3.4.3-r0