pkg:Debian/rsync

48 total CVEs: CRITICAL 8, HIGH 14, MEDIUM 6, LOW 2

All known vulnerabilities

  • CRITICAL 9.8 CVE-2024-12084: rsync - security update
    from 0, < 3.2.7-1+deb12u1
  • CRITICAL 9.8 CVE-2017-17434: The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data st…
    from 0, < 3.1.2-2.1
  • CRITICAL 9.8 CVE-2017-16548: rsync - security update
    from 0, < 3.1.1-3+deb8u1
  • CRITICAL 9.8 CVE-2017-16548: rsync - security update
    from 0, < 3.1.2-2.1
  • CRITICAL 9.8 CVE-2017-16548: rsync - security update
    from 0, < 3.0.9-4+deb7u1
  • CRITICAL 9.8 CVE-2016-9843: The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving bi…
    from 0, < 3.1.3-6
  • CRITICAL 9.8 CVE-2016-9841: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
    from 0, < 3.1.3-6
  • HIGH 8.8 CVE-2016-9842: The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involvin…
    from 0, < 3.1.3-6
  • HIGH 8.8 CVE-2016-9840: zlib - security update
    from 0, < 3.1.1-3+deb8u2
  • HIGH 8.8 CVE-2016-9840: zlib - security update
    from 0, < 3.1.3-6
  • HIGH 8.1 CVE-2026-43618: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is no…
    from 0, < 3.2.3-4+deb11u4
  • HIGH 7.8 CVE-2026-41035: In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free.
    from 0
  • HIGH 7.5 CVE-2024-12088: A flaw was found in rsync.
    from 0, < 3.2.3-4+deb11u2
  • HIGH 7.5 CVE-2024-12087: A path traversal vulnerability exists in rsync.
    from 0, < 3.2.3-4+deb11u2
  • HIGH 7.5 CVE-2024-12085: rsync - security update
    from 0, < 3.2.3-4+deb11u2
  • HIGH 7.5 CVE-2018-5764: rsync - security update
    from 0, < 3.1.2-1+deb9u3
  • HIGH 7.5 CVE-2018-5764: rsync - security update
    from 0, < 3.1.2-2.2
  • HIGH 7.5 CVE-2018-5764: rsync - security update
    from 0, < 3.0.9-4+deb7u2
  • HIGH 7.4 CVE-2022-29154: An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of conne…
    from 0
  • HIGH 7.4 CVE-2020-14387: A flaw was found in rsync in versions since 3.2.0pre1.
    from 0, < 3.2.3-3
  • MEDIUM 6.8 CVE-2024-12086: A flaw was found in rsync.
    from 0, < 3.2.3-4+deb11u2
  • MEDIUM 6.3 CVE-2026-43619: Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, re…
    from 0, < 3.2.3-4+deb11u4
  • MEDIUM 5.6 CVE-2024-12747: A flaw was found in rsync.
    from 0, < 3.2.3-4+deb11u2
  • MEDIUM 5.5 CVE-2026-43620: Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a ma…
    from 0, < 3.2.3-4+deb11u4
  • MEDIUM 4.8 CVE-2026-43617: Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforc…
    from 0, < 3.2.3-4+deb11u4
  • MEDIUM 4.3 CVE-2025-10158: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negativ…
    from 0
  • LOW 3.7 CVE-2026-45232: Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…
    from 0
  • LOW 3.7 CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file met…
    from 0, < 3.1.2-2.1
  • CVE-2026-29518: Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to…
    from 0, < 3.2.3-4+deb11u4
  • CVE-2014-9512: rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
    from 0, < 3.1.1-3
  • CVE-2014-2855: The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop…
    from 0, < 3.1.0-3
  • CVE-2011-1097: rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of…
    from 0, < 3.0.8
  • from 0, < 3.0.2-1
  • from 0, < 2.6.9-2etch2
  • CVE-2007-6200: Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclu…
    from 0, < 2.6.9-6
  • CVE-2007-6199: rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files v…
    from 0, < 2.6.9-6
  • CVE-2007-4091: rsync - arbitrary code execution
    from 0, < 2.6.9-5
  • CVE-2007-4091: rsync - arbitrary code execution
    from 0, < 2.6.9-2etch1
  • CVE-2006-2083: Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to e…
    from 0, < 2.6.8-1
  • CVE-2004-0792: rsync - unauthorised directory traversal and file access
    from 0, < 2.6.2-3
  • CVE-2004-0792: rsync - unauthorised directory traversal and file access
    from 0, < 2.5.5-0.6
  • CVE-2004-0426: rsync - directory traversal
    from 0, < 2.6.1-1
  • CVE-2004-0426: rsync - directory traversal
    from 0, < 2.5.5-0.5
  • CVE-2004-2093: Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (cr…
    from 0, < 2.6.1-1
  • CVE-2003-0962: rsync - heap overflow
    from 0, < 2.5.6-1.1
  • CVE-2003-0962: rsync - heap overflow
    from 0, < 2.5.5-0.2