Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-8349-3
Vulnerability from osv_ubuntu
USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. (CVE-2025-10158)
Batuhan Sancak, Damien Neil, and Michael Stapelberg discovered that rsync daemons configured without chroot protection were exposed to a race condition on parent path components. A local attacker with write access to a module could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-29518)
It was discovered that rsync did not properly validate a length value while sorting extended attributes. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-41035)
It was discovered that rsync performed reverse-DNS lookups after chrooting in some daemon configurations. A remote attacker could possibly use this issue to bypass hostname-based access controls and access network services. (CVE-2026-43617)
Omar Elsayed discovered that rsync did not properly check for integer overflows while decoding compressed tokens. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-43618)
Andrew Tridgell discovered that rsync did not fully fix a symlink race condition in path-based system calls for daemons configured without chroot protection. A local attacker could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-43619)
Pratham Gupta discovered that rsync did not properly validate an index while processing file lists. A remote attacker could possibly use this issue to cause rsync to crash, resulting in a denial of service. (CVE-2026-43620)
Michal Ruprich discovered that rsync contained an off-by-one error while handling HTTP proxy responses. An attacker able to intercept network communications or a malicious proxy server could possibly use this issue to cause a denial of service. (CVE-2026-45232)
| URL | Type | |
|---|---|---|
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.0-2ubuntu0.4+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.0-2ubuntu0.4+esm4?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-2ubuntu0.4+esm4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.9-4ubuntu1",
"3.1.0-2",
"3.1.0-2ubuntu0.1",
"3.1.0-2ubuntu0.2",
"3.1.0-2ubuntu0.3",
"3.1.0-2ubuntu0.4",
"3.1.0-2ubuntu0.4+esm1",
"3.1.0-2ubuntu0.4+esm2",
"3.1.0-2ubuntu0.4+esm3"
]
},
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.1-3ubuntu1.3+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3+esm6?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1-3ubuntu1.3+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.1-3",
"3.1.1-3ubuntu1",
"3.1.1-3ubuntu1.1",
"3.1.1-3ubuntu1.2",
"3.1.1-3ubuntu1.3",
"3.1.1-3ubuntu1.3+esm1",
"3.1.1-3ubuntu1.3+esm2",
"3.1.1-3ubuntu1.3+esm3",
"3.1.1-3ubuntu1.3+esm4",
"3.1.1-3ubuntu1.3+esm5"
]
},
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.2-2.1ubuntu1.6+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.6+esm4?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-2.1ubuntu1.6+esm4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.2-2",
"3.1.2-2.1",
"3.1.2-2.1ubuntu1",
"3.1.2-2.1ubuntu1.1",
"3.1.2-2.1ubuntu1.2",
"3.1.2-2.1ubuntu1.3",
"3.1.2-2.1ubuntu1.4",
"3.1.2-2.1ubuntu1.5",
"3.1.2-2.1ubuntu1.6",
"3.1.2-2.1ubuntu1.6+esm1",
"3.1.2-2.1ubuntu1.6+esm2",
"3.1.2-2.1ubuntu1.6+esm3"
]
},
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.3-8ubuntu0.9+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.9+esm2?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3-8ubuntu0.9+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.3-6",
"3.1.3-8",
"3.1.3-8ubuntu0.1",
"3.1.3-8ubuntu0.2",
"3.1.3-8ubuntu0.3",
"3.1.3-8ubuntu0.4",
"3.1.3-8ubuntu0.5",
"3.1.3-8ubuntu0.7",
"3.1.3-8ubuntu0.8",
"3.1.3-8ubuntu0.9",
"3.1.3-8ubuntu0.9+esm1"
]
}
],
"aliases": [],
"details": "USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple\nregressions in rsync functionality. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Calum Hutton discovered that rsync contained a heap-based out-of-bounds\n read when handling file transfers. A remote attacker with read access\n to an rsync server could possibly use this issue to cause a denial of\n service. (CVE-2025-10158)\n\n Batuhan Sancak, Damien Neil, and Michael Stapelberg discovered that\n rsync daemons configured without chroot protection were exposed to a\n race condition on parent path components. A local attacker with write\n access to a module could possibly use this issue to overwrite files,\n obtain sensitive information, or escalate privileges.\n (CVE-2026-29518)\n\n It was discovered that rsync did not properly validate a length value\n while sorting extended attributes. An attacker could possibly use this\n issue to cause a denial of service. (CVE-2026-41035)\n\n It was discovered that rsync performed reverse-DNS lookups after\n chrooting in some daemon configurations. A remote attacker could\n possibly use this issue to bypass hostname-based access controls and\n access network services. (CVE-2026-43617)\n\n Omar Elsayed discovered that rsync did not properly check for integer\n overflows while decoding compressed tokens. A remote attacker could\n possibly use this issue to obtain sensitive information.\n (CVE-2026-43618)\n\n Andrew Tridgell discovered that rsync did not fully fix a symlink race\n condition in path-based system calls for daemons configured without\n chroot protection. A local attacker could possibly use this issue to\n overwrite files, obtain sensitive information, or escalate privileges.\n (CVE-2026-43619)\n\n Pratham Gupta discovered that rsync did not properly validate an index\n while processing file lists. A remote attacker could possibly use this\n issue to cause rsync to crash, resulting in a denial of service.\n (CVE-2026-43620)\n\n Michal Ruprich discovered that rsync contained an off-by-one error\n while handling HTTP proxy responses. An attacker able to intercept network\n communications or a malicious proxy server could possibly use this issue to\n cause a denial of service. (CVE-2026-45232)",
"id": "USN-8349-3",
"modified": "2026-06-16T07:31:50Z",
"published": "2026-06-16T07:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-3"
},
{
"type": "REPORT",
"url": "https://launchpad.net/bugs/2155874"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "rsync regression",
"upstream": []
}
ubuntu-cve-2025-10158
Vulnerability from osv_ubuntu
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.0-2ubuntu0.4+esm3"
}
],
"priority_reason": "Per rsync developers, can\u0027t be leveraged into an exploit"
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.0-2ubuntu0.4+esm3?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-2ubuntu0.4+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.9-4ubuntu1",
"3.1.0-2",
"3.1.0-2ubuntu0.1",
"3.1.0-2ubuntu0.2",
"3.1.0-2ubuntu0.3",
"3.1.0-2ubuntu0.4",
"3.1.0-2ubuntu0.4+esm1",
"3.1.0-2ubuntu0.4+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.1-3ubuntu1.3+esm5"
}
],
"priority_reason": "Per rsync developers, can\u0027t be leveraged into an exploit"
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3+esm5?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1-3ubuntu1.3+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.1-3",
"3.1.1-3ubuntu1",
"3.1.1-3ubuntu1.1",
"3.1.1-3ubuntu1.2",
"3.1.1-3ubuntu1.3",
"3.1.1-3ubuntu1.3+esm1",
"3.1.1-3ubuntu1.3+esm2",
"3.1.1-3ubuntu1.3+esm3",
"3.1.1-3ubuntu1.3+esm4"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"priority_reason": "Per rsync developers, can\u0027t be leveraged into an exploit"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.2-2",
"3.1.2-2.1",
"3.1.2-2.1ubuntu1",
"3.1.2-2.1ubuntu1.1",
"3.1.2-2.1ubuntu1.2",
"3.1.2-2.1ubuntu1.3",
"3.1.2-2.1ubuntu1.4",
"3.1.2-2.1ubuntu1.5",
"3.1.2-2.1ubuntu1.6",
"3.1.2-2.1ubuntu1.6+esm1",
"3.1.2-2.1ubuntu1.6+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.3-8ubuntu0.9+esm1"
}
],
"priority_reason": "Per rsync developers, can\u0027t be leveraged into an exploit"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.9+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3-8ubuntu0.9+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.3-6",
"3.1.3-8",
"3.1.3-8ubuntu0.1",
"3.1.3-8ubuntu0.2",
"3.1.3-8ubuntu0.3",
"3.1.3-8ubuntu0.4",
"3.1.3-8ubuntu0.5",
"3.1.3-8ubuntu0.7",
"3.1.3-8ubuntu0.8",
"3.1.3-8ubuntu0.9"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-0ubuntu0.22.04.6"
}
],
"priority_reason": "Per rsync developers, can\u0027t be leveraged into an exploit"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-0ubuntu0.22.04.6?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-0ubuntu0.22.04.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.3-4ubuntu1",
"3.2.3-4ubuntu2",
"3.2.3-8ubuntu1",
"3.2.3-8ubuntu2",
"3.2.3-8ubuntu3",
"3.2.3-8ubuntu3.1",
"3.2.7-0ubuntu0.22.04.2",
"3.2.7-0ubuntu0.22.04.3",
"3.2.7-0ubuntu0.22.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-1ubuntu1.4"
}
],
"priority_reason": "Per rsync developers, can\u0027t be leveraged into an exploit"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-1ubuntu1.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-1ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.7-1",
"3.2.7-1build1",
"3.2.7-1build2",
"3.2.7-1ubuntu1",
"3.2.7-1ubuntu1.1",
"3.2.7-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-5ubuntu1.2"
}
],
"priority_reason": "Per rsync developers, can\u0027t be leveraged into an exploit"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-5ubuntu1.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-5ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-3",
"3.4.1+ds1-4",
"3.4.1+ds1-5",
"3.4.1+ds1-5ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-7"
}
],
"priority_reason": "Per rsync developers, can\u0027t be leveraged into an exploit"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-7?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-5ubuntu1",
"3.4.1+ds1-6"
]
}
],
"aliases": [],
"details": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.",
"id": "UBUNTU-CVE-2025-10158",
"modified": "2026-06-16T11:21:07Z",
"published": "2025-11-18T15:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-10158"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"type": "REPORT",
"url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8283-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-3"
}
],
"related": [
"USN-8283-1",
"USN-8349-1",
"USN-8349-2",
"USN-8349-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-10158"
]
}
ubuntu-cve-2026-29518
Vulnerability from osv_ubuntu
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path can exploit this race condition to create or overwrite arbitrary files, potentially modifying sensitive system files and achieving privilege escalation when the daemon runs with elevated privileges. This vulnerability can only be triggered if the chroot setting is false.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.0-2ubuntu0.4+esm3"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.0-2ubuntu0.4+esm3?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-2ubuntu0.4+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.9-4ubuntu1",
"3.1.0-2",
"3.1.0-2ubuntu0.1",
"3.1.0-2ubuntu0.2",
"3.1.0-2ubuntu0.3",
"3.1.0-2ubuntu0.4",
"3.1.0-2ubuntu0.4+esm1",
"3.1.0-2ubuntu0.4+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.1-3ubuntu1.3+esm5"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3+esm5?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1-3ubuntu1.3+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.1-3",
"3.1.1-3ubuntu1",
"3.1.1-3ubuntu1.1",
"3.1.1-3ubuntu1.2",
"3.1.1-3ubuntu1.3",
"3.1.1-3ubuntu1.3+esm1",
"3.1.1-3ubuntu1.3+esm2",
"3.1.1-3ubuntu1.3+esm3",
"3.1.1-3ubuntu1.3+esm4"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.2-2",
"3.1.2-2.1",
"3.1.2-2.1ubuntu1",
"3.1.2-2.1ubuntu1.1",
"3.1.2-2.1ubuntu1.2",
"3.1.2-2.1ubuntu1.3",
"3.1.2-2.1ubuntu1.4",
"3.1.2-2.1ubuntu1.5",
"3.1.2-2.1ubuntu1.6",
"3.1.2-2.1ubuntu1.6+esm1",
"3.1.2-2.1ubuntu1.6+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.3-8ubuntu0.9+esm1"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.9+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3-8ubuntu0.9+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.3-6",
"3.1.3-8",
"3.1.3-8ubuntu0.1",
"3.1.3-8ubuntu0.2",
"3.1.3-8ubuntu0.3",
"3.1.3-8ubuntu0.4",
"3.1.3-8ubuntu0.5",
"3.1.3-8ubuntu0.7",
"3.1.3-8ubuntu0.8",
"3.1.3-8ubuntu0.9"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-0ubuntu0.22.04.6"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-0ubuntu0.22.04.6?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-0ubuntu0.22.04.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.3-4ubuntu1",
"3.2.3-4ubuntu2",
"3.2.3-8ubuntu1",
"3.2.3-8ubuntu2",
"3.2.3-8ubuntu3",
"3.2.3-8ubuntu3.1",
"3.2.7-0ubuntu0.22.04.2",
"3.2.7-0ubuntu0.22.04.3",
"3.2.7-0ubuntu0.22.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-1ubuntu1.4"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-1ubuntu1.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-1ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.7-1",
"3.2.7-1build1",
"3.2.7-1build2",
"3.2.7-1ubuntu1",
"3.2.7-1ubuntu1.1",
"3.2.7-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-5ubuntu1.2"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-5ubuntu1.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-5ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-3",
"3.4.1+ds1-4",
"3.4.1+ds1-5",
"3.4.1+ds1-5ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-7ubuntu0.2"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-7ubuntu0.2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-7ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-5ubuntu1",
"3.4.1+ds1-6",
"3.4.1+ds1-7"
]
}
],
"aliases": [],
"details": "Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path can exploit this race condition to create or overwrite arbitrary files, potentially modifying sensitive system files and achieving privilege escalation when the daemon runs with elevated privileges. This vulnerability can only be triggered if the chroot setting is false.",
"id": "UBUNTU-CVE-2026-29518",
"modified": "2026-06-30T16:19:41Z",
"published": "2026-05-20T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-29518"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29518"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8283-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-3"
}
],
"related": [
"USN-8283-1",
"USN-8349-1",
"USN-8349-2",
"USN-8349-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "high",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-29518"
]
}
ubuntu-cve-2026-41035
Vulnerability from osv_ubuntu
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.0-2ubuntu0.4+esm3"
}
],
"priority_reason": "Per rsync developers this has no security impact"
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.0-2ubuntu0.4+esm3?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-2ubuntu0.4+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.9-4ubuntu1",
"3.1.0-2",
"3.1.0-2ubuntu0.1",
"3.1.0-2ubuntu0.2",
"3.1.0-2ubuntu0.3",
"3.1.0-2ubuntu0.4",
"3.1.0-2ubuntu0.4+esm1",
"3.1.0-2ubuntu0.4+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.1-3ubuntu1.3+esm5"
}
],
"priority_reason": "Per rsync developers this has no security impact"
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3+esm5?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1-3ubuntu1.3+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.1-3",
"3.1.1-3ubuntu1",
"3.1.1-3ubuntu1.1",
"3.1.1-3ubuntu1.2",
"3.1.1-3ubuntu1.3",
"3.1.1-3ubuntu1.3+esm1",
"3.1.1-3ubuntu1.3+esm2",
"3.1.1-3ubuntu1.3+esm3",
"3.1.1-3ubuntu1.3+esm4"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"priority_reason": "Per rsync developers this has no security impact"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.2-2",
"3.1.2-2.1",
"3.1.2-2.1ubuntu1",
"3.1.2-2.1ubuntu1.1",
"3.1.2-2.1ubuntu1.2",
"3.1.2-2.1ubuntu1.3",
"3.1.2-2.1ubuntu1.4",
"3.1.2-2.1ubuntu1.5",
"3.1.2-2.1ubuntu1.6",
"3.1.2-2.1ubuntu1.6+esm1",
"3.1.2-2.1ubuntu1.6+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.3-8ubuntu0.9+esm1"
}
],
"priority_reason": "Per rsync developers this has no security impact"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.9+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3-8ubuntu0.9+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.3-6",
"3.1.3-8",
"3.1.3-8ubuntu0.1",
"3.1.3-8ubuntu0.2",
"3.1.3-8ubuntu0.3",
"3.1.3-8ubuntu0.4",
"3.1.3-8ubuntu0.5",
"3.1.3-8ubuntu0.7",
"3.1.3-8ubuntu0.8",
"3.1.3-8ubuntu0.9"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-0ubuntu0.22.04.6"
}
],
"priority_reason": "Per rsync developers this has no security impact"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-0ubuntu0.22.04.6?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-0ubuntu0.22.04.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.3-4ubuntu1",
"3.2.3-4ubuntu2",
"3.2.3-8ubuntu1",
"3.2.3-8ubuntu2",
"3.2.3-8ubuntu3",
"3.2.3-8ubuntu3.1",
"3.2.7-0ubuntu0.22.04.2",
"3.2.7-0ubuntu0.22.04.3",
"3.2.7-0ubuntu0.22.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-1ubuntu1.4"
}
],
"priority_reason": "Per rsync developers this has no security impact"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-1ubuntu1.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-1ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.7-1",
"3.2.7-1build1",
"3.2.7-1build2",
"3.2.7-1ubuntu1",
"3.2.7-1ubuntu1.1",
"3.2.7-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-5ubuntu1.2"
}
],
"priority_reason": "Per rsync developers this has no security impact"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-5ubuntu1.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-5ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-3",
"3.4.1+ds1-4",
"3.4.1+ds1-5",
"3.4.1+ds1-5ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-7ubuntu0.2"
}
],
"priority_reason": "Per rsync developers this has no security impact"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-7ubuntu0.2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-7ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-5ubuntu1",
"3.4.1+ds1-6",
"3.4.1+ds1-7"
]
}
],
"aliases": [],
"details": "In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.",
"id": "UBUNTU-CVE-2026-41035",
"modified": "2026-06-30T16:20:58Z",
"published": "2026-04-16T07:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-41035"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41035"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2026/04/16/2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8283-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-3"
}
],
"related": [
"USN-8283-1",
"USN-8349-1",
"USN-8349-2",
"USN-8349-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-41035"
]
}
ubuntu-cve-2026-43617
Vulnerability from osv_ubuntu
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.0-2ubuntu0.4+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.0-2ubuntu0.4+esm3?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-2ubuntu0.4+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.9-4ubuntu1",
"3.1.0-2",
"3.1.0-2ubuntu0.1",
"3.1.0-2ubuntu0.2",
"3.1.0-2ubuntu0.3",
"3.1.0-2ubuntu0.4",
"3.1.0-2ubuntu0.4+esm1",
"3.1.0-2ubuntu0.4+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.1-3ubuntu1.3+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3+esm5?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1-3ubuntu1.3+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.1-3",
"3.1.1-3ubuntu1",
"3.1.1-3ubuntu1.1",
"3.1.1-3ubuntu1.2",
"3.1.1-3ubuntu1.3",
"3.1.1-3ubuntu1.3+esm1",
"3.1.1-3ubuntu1.3+esm2",
"3.1.1-3ubuntu1.3+esm3",
"3.1.1-3ubuntu1.3+esm4"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.2-2.1ubuntu1.6+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.2-2",
"3.1.2-2.1",
"3.1.2-2.1ubuntu1",
"3.1.2-2.1ubuntu1.1",
"3.1.2-2.1ubuntu1.2",
"3.1.2-2.1ubuntu1.3",
"3.1.2-2.1ubuntu1.4",
"3.1.2-2.1ubuntu1.5",
"3.1.2-2.1ubuntu1.6",
"3.1.2-2.1ubuntu1.6+esm1",
"3.1.2-2.1ubuntu1.6+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.3-8ubuntu0.9+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.9+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3-8ubuntu0.9+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.3-6",
"3.1.3-8",
"3.1.3-8ubuntu0.1",
"3.1.3-8ubuntu0.2",
"3.1.3-8ubuntu0.3",
"3.1.3-8ubuntu0.4",
"3.1.3-8ubuntu0.5",
"3.1.3-8ubuntu0.7",
"3.1.3-8ubuntu0.8",
"3.1.3-8ubuntu0.9"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-0ubuntu0.22.04.6"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-0ubuntu0.22.04.6?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-0ubuntu0.22.04.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.3-4ubuntu1",
"3.2.3-4ubuntu2",
"3.2.3-8ubuntu1",
"3.2.3-8ubuntu2",
"3.2.3-8ubuntu3",
"3.2.3-8ubuntu3.1",
"3.2.7-0ubuntu0.22.04.2",
"3.2.7-0ubuntu0.22.04.3",
"3.2.7-0ubuntu0.22.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-1ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-1ubuntu1.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-1ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.7-1",
"3.2.7-1build1",
"3.2.7-1build2",
"3.2.7-1ubuntu1",
"3.2.7-1ubuntu1.1",
"3.2.7-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-5ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-5ubuntu1.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-5ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-3",
"3.4.1+ds1-4",
"3.4.1+ds1-5",
"3.4.1+ds1-5ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-7ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-7ubuntu0.2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-7ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-5ubuntu1",
"3.4.1+ds1-6",
"3.4.1+ds1-7"
]
}
],
"aliases": [],
"details": "Rsync version\u00a03.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon\u0027s hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN.",
"id": "UBUNTU-CVE-2026-43617",
"modified": "2026-06-16T11:30:16Z",
"published": "2026-05-20T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-43617"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43617"
},
{
"type": "REPORT",
"url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8283-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-3"
}
],
"related": [
"USN-8283-1",
"USN-8349-1",
"USN-8349-2",
"USN-8349-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-43617"
]
}
ubuntu-cve-2026-43618
Vulnerability from osv_ubuntu
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.0-2ubuntu0.4+esm3"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.0-2ubuntu0.4+esm3?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-2ubuntu0.4+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.9-4ubuntu1",
"3.1.0-2",
"3.1.0-2ubuntu0.1",
"3.1.0-2ubuntu0.2",
"3.1.0-2ubuntu0.3",
"3.1.0-2ubuntu0.4",
"3.1.0-2ubuntu0.4+esm1",
"3.1.0-2ubuntu0.4+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.1-3ubuntu1.3+esm5"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3+esm5?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1-3ubuntu1.3+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.1-3",
"3.1.1-3ubuntu1",
"3.1.1-3ubuntu1.1",
"3.1.1-3ubuntu1.2",
"3.1.1-3ubuntu1.3",
"3.1.1-3ubuntu1.3+esm1",
"3.1.1-3ubuntu1.3+esm2",
"3.1.1-3ubuntu1.3+esm3",
"3.1.1-3ubuntu1.3+esm4"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.2-2",
"3.1.2-2.1",
"3.1.2-2.1ubuntu1",
"3.1.2-2.1ubuntu1.1",
"3.1.2-2.1ubuntu1.2",
"3.1.2-2.1ubuntu1.3",
"3.1.2-2.1ubuntu1.4",
"3.1.2-2.1ubuntu1.5",
"3.1.2-2.1ubuntu1.6",
"3.1.2-2.1ubuntu1.6+esm1",
"3.1.2-2.1ubuntu1.6+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.3-8ubuntu0.9+esm1"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.9+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3-8ubuntu0.9+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.3-6",
"3.1.3-8",
"3.1.3-8ubuntu0.1",
"3.1.3-8ubuntu0.2",
"3.1.3-8ubuntu0.3",
"3.1.3-8ubuntu0.4",
"3.1.3-8ubuntu0.5",
"3.1.3-8ubuntu0.7",
"3.1.3-8ubuntu0.8",
"3.1.3-8ubuntu0.9"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-0ubuntu0.22.04.6"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-0ubuntu0.22.04.6?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-0ubuntu0.22.04.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.3-4ubuntu1",
"3.2.3-4ubuntu2",
"3.2.3-8ubuntu1",
"3.2.3-8ubuntu2",
"3.2.3-8ubuntu3",
"3.2.3-8ubuntu3.1",
"3.2.7-0ubuntu0.22.04.2",
"3.2.7-0ubuntu0.22.04.3",
"3.2.7-0ubuntu0.22.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-1ubuntu1.4"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-1ubuntu1.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-1ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.7-1",
"3.2.7-1build1",
"3.2.7-1build2",
"3.2.7-1ubuntu1",
"3.2.7-1ubuntu1.1",
"3.2.7-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-5ubuntu1.2"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-5ubuntu1.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-5ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-3",
"3.4.1+ds1-4",
"3.4.1+ds1-5",
"3.4.1+ds1-5ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-7ubuntu0.2"
}
],
"priority_reason": "rsync developers have rated this as being a high severity issue"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-7ubuntu0.2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-7ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-5ubuntu1",
"3.4.1+ds1-6",
"3.4.1+ds1-7"
]
}
],
"aliases": [],
"details": "Rsync version\u00a03.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.",
"id": "UBUNTU-CVE-2026-43618",
"modified": "2026-06-30T16:21:55Z",
"published": "2026-05-20T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-43618"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43618"
},
{
"type": "REPORT",
"url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8283-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-3"
}
],
"related": [
"USN-8283-1",
"USN-8349-1",
"USN-8349-2",
"USN-8349-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "high",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-43618"
]
}
ubuntu-cve-2026-43619
Vulnerability from osv_ubuntu
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module. Attackers with local filesystem access can exploit the timing window between path resolution and syscall execution by swapping symlinks to apply sender-supplied permissions, ownership, timestamps, or filenames to arbitrary files outside the intended module boundary on rsync daemons configured with 'use chroot = no'.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.0-2ubuntu0.4+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.0-2ubuntu0.4+esm3?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-2ubuntu0.4+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.9-4ubuntu1",
"3.1.0-2",
"3.1.0-2ubuntu0.1",
"3.1.0-2ubuntu0.2",
"3.1.0-2ubuntu0.3",
"3.1.0-2ubuntu0.4",
"3.1.0-2ubuntu0.4+esm1",
"3.1.0-2ubuntu0.4+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.1-3ubuntu1.3+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3+esm5?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1-3ubuntu1.3+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.1-3",
"3.1.1-3ubuntu1",
"3.1.1-3ubuntu1.1",
"3.1.1-3ubuntu1.2",
"3.1.1-3ubuntu1.3",
"3.1.1-3ubuntu1.3+esm1",
"3.1.1-3ubuntu1.3+esm2",
"3.1.1-3ubuntu1.3+esm3",
"3.1.1-3ubuntu1.3+esm4"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.2-2.1ubuntu1.6+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.2-2",
"3.1.2-2.1",
"3.1.2-2.1ubuntu1",
"3.1.2-2.1ubuntu1.1",
"3.1.2-2.1ubuntu1.2",
"3.1.2-2.1ubuntu1.3",
"3.1.2-2.1ubuntu1.4",
"3.1.2-2.1ubuntu1.5",
"3.1.2-2.1ubuntu1.6",
"3.1.2-2.1ubuntu1.6+esm1",
"3.1.2-2.1ubuntu1.6+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.3-8ubuntu0.9+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.9+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3-8ubuntu0.9+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.3-6",
"3.1.3-8",
"3.1.3-8ubuntu0.1",
"3.1.3-8ubuntu0.2",
"3.1.3-8ubuntu0.3",
"3.1.3-8ubuntu0.4",
"3.1.3-8ubuntu0.5",
"3.1.3-8ubuntu0.7",
"3.1.3-8ubuntu0.8",
"3.1.3-8ubuntu0.9"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-0ubuntu0.22.04.6"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-0ubuntu0.22.04.6?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-0ubuntu0.22.04.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.3-4ubuntu1",
"3.2.3-4ubuntu2",
"3.2.3-8ubuntu1",
"3.2.3-8ubuntu2",
"3.2.3-8ubuntu3",
"3.2.3-8ubuntu3.1",
"3.2.7-0ubuntu0.22.04.2",
"3.2.7-0ubuntu0.22.04.3",
"3.2.7-0ubuntu0.22.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-1ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-1ubuntu1.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-1ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.7-1",
"3.2.7-1build1",
"3.2.7-1build2",
"3.2.7-1ubuntu1",
"3.2.7-1ubuntu1.1",
"3.2.7-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-5ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-5ubuntu1.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-5ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-3",
"3.4.1+ds1-4",
"3.4.1+ds1-5",
"3.4.1+ds1-5ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-7ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-7ubuntu0.2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-7ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-5ubuntu1",
"3.4.1+ds1-6",
"3.4.1+ds1-7"
]
}
],
"aliases": [],
"details": "Rsync version\u00a03.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module. Attackers with local filesystem access can exploit the timing window between path resolution and syscall execution by swapping symlinks to apply sender-supplied permissions, ownership, timestamps, or filenames to arbitrary files outside the intended module boundary on rsync daemons configured with \u0027use chroot = no\u0027.",
"id": "UBUNTU-CVE-2026-43619",
"modified": "2026-06-16T11:30:16Z",
"published": "2026-05-20T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-43619"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43619"
},
{
"type": "REPORT",
"url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-4h9m-w5ff-j735"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8283-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-3"
}
],
"related": [
"USN-8283-1",
"USN-8349-1",
"USN-8349-2",
"USN-8349-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-43619"
]
}
ubuntu-cve-2026-43620
Vulnerability from osv_ubuntu
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a specially crafted file list where the first sorted entry is not the leading dot directory, followed by a transfer record with ndx=0 and an iflag word without ITEM_TRANSFER, causing the receiver to read 8 bytes before the allocated pointer array and dereference an invalid pointer at an unmapped address, resulting in a deterministic SIGSEGV crash of the rsync client.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.0-2ubuntu0.4+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.0-2ubuntu0.4+esm3?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-2ubuntu0.4+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.9-4ubuntu1",
"3.1.0-2",
"3.1.0-2ubuntu0.1",
"3.1.0-2ubuntu0.2",
"3.1.0-2ubuntu0.3",
"3.1.0-2ubuntu0.4",
"3.1.0-2ubuntu0.4+esm1",
"3.1.0-2ubuntu0.4+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.1-3ubuntu1.3+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3+esm5?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1-3ubuntu1.3+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.1-3",
"3.1.1-3ubuntu1",
"3.1.1-3ubuntu1.1",
"3.1.1-3ubuntu1.2",
"3.1.1-3ubuntu1.3",
"3.1.1-3ubuntu1.3+esm1",
"3.1.1-3ubuntu1.3+esm2",
"3.1.1-3ubuntu1.3+esm3",
"3.1.1-3ubuntu1.3+esm4"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.2-2.1ubuntu1.6+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.2-2",
"3.1.2-2.1",
"3.1.2-2.1ubuntu1",
"3.1.2-2.1ubuntu1.1",
"3.1.2-2.1ubuntu1.2",
"3.1.2-2.1ubuntu1.3",
"3.1.2-2.1ubuntu1.4",
"3.1.2-2.1ubuntu1.5",
"3.1.2-2.1ubuntu1.6",
"3.1.2-2.1ubuntu1.6+esm1",
"3.1.2-2.1ubuntu1.6+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.3-8ubuntu0.9+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.9+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3-8ubuntu0.9+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.3-6",
"3.1.3-8",
"3.1.3-8ubuntu0.1",
"3.1.3-8ubuntu0.2",
"3.1.3-8ubuntu0.3",
"3.1.3-8ubuntu0.4",
"3.1.3-8ubuntu0.5",
"3.1.3-8ubuntu0.7",
"3.1.3-8ubuntu0.8",
"3.1.3-8ubuntu0.9"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-0ubuntu0.22.04.6"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-0ubuntu0.22.04.6?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-0ubuntu0.22.04.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.3-4ubuntu1",
"3.2.3-4ubuntu2",
"3.2.3-8ubuntu1",
"3.2.3-8ubuntu2",
"3.2.3-8ubuntu3",
"3.2.3-8ubuntu3.1",
"3.2.7-0ubuntu0.22.04.2",
"3.2.7-0ubuntu0.22.04.3",
"3.2.7-0ubuntu0.22.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-1ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-1ubuntu1.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-1ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.7-1",
"3.2.7-1build1",
"3.2.7-1build2",
"3.2.7-1ubuntu1",
"3.2.7-1ubuntu1.1",
"3.2.7-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-5ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-5ubuntu1.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-5ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-3",
"3.4.1+ds1-4",
"3.4.1+ds1-5",
"3.4.1+ds1-5ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-7ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-7ubuntu0.2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-7ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-5ubuntu1",
"3.4.1+ds1-6",
"3.4.1+ds1-7"
]
}
],
"aliases": [],
"details": "Rsync version\u00a03.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a specially crafted file list where the first sorted entry is not the leading dot directory, followed by a transfer record with ndx=0 and an iflag word without ITEM_TRANSFER, causing the receiver to read 8 bytes before the allocated pointer array and dereference an invalid pointer at an unmapped address, resulting in a deterministic SIGSEGV crash of the rsync client.",
"id": "UBUNTU-CVE-2026-43620",
"modified": "2026-06-16T11:30:16Z",
"published": "2026-05-20T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-43620"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43620"
},
{
"type": "REPORT",
"url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-28pw-r563-rxvm"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8283-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-3"
}
],
"related": [
"USN-8283-1",
"USN-8349-1",
"USN-8349-2",
"USN-8349-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-43620"
]
}
ubuntu-cve-2026-45232
Vulnerability from osv_ubuntu
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves between the client and proxy or controlling the proxy server to send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address when the RSYNC_PROXY environment variable is set.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.0-2ubuntu0.4+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.0-2ubuntu0.4+esm3?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-2ubuntu0.4+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.9-4ubuntu1",
"3.1.0-2",
"3.1.0-2ubuntu0.1",
"3.1.0-2ubuntu0.2",
"3.1.0-2ubuntu0.3",
"3.1.0-2ubuntu0.4",
"3.1.0-2ubuntu0.4+esm1",
"3.1.0-2ubuntu0.4+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.1-3ubuntu1.3+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3+esm5?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1-3ubuntu1.3+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.1-3",
"3.1.1-3ubuntu1",
"3.1.1-3ubuntu1.1",
"3.1.1-3ubuntu1.2",
"3.1.1-3ubuntu1.3",
"3.1.1-3ubuntu1.3+esm1",
"3.1.1-3ubuntu1.3+esm2",
"3.1.1-3ubuntu1.3+esm3",
"3.1.1-3ubuntu1.3+esm4"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.2-2.1ubuntu1.6+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-2.1ubuntu1.6+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.2-2",
"3.1.2-2.1",
"3.1.2-2.1ubuntu1",
"3.1.2-2.1ubuntu1.1",
"3.1.2-2.1ubuntu1.2",
"3.1.2-2.1ubuntu1.3",
"3.1.2-2.1ubuntu1.4",
"3.1.2-2.1ubuntu1.5",
"3.1.2-2.1ubuntu1.6",
"3.1.2-2.1ubuntu1.6+esm1",
"3.1.2-2.1ubuntu1.6+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.1.3-8ubuntu0.9+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.9+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3-8ubuntu0.9+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.3-6",
"3.1.3-8",
"3.1.3-8ubuntu0.1",
"3.1.3-8ubuntu0.2",
"3.1.3-8ubuntu0.3",
"3.1.3-8ubuntu0.4",
"3.1.3-8ubuntu0.5",
"3.1.3-8ubuntu0.7",
"3.1.3-8ubuntu0.8",
"3.1.3-8ubuntu0.9"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-0ubuntu0.22.04.6"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-0ubuntu0.22.04.6?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-0ubuntu0.22.04.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.3-4ubuntu1",
"3.2.3-4ubuntu2",
"3.2.3-8ubuntu1",
"3.2.3-8ubuntu2",
"3.2.3-8ubuntu3",
"3.2.3-8ubuntu3.1",
"3.2.7-0ubuntu0.22.04.2",
"3.2.7-0ubuntu0.22.04.3",
"3.2.7-0ubuntu0.22.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.2.7-1ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.2.7-1ubuntu1.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-1ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.7-1",
"3.2.7-1build1",
"3.2.7-1build2",
"3.2.7-1ubuntu1",
"3.2.7-1ubuntu1.1",
"3.2.7-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-5ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-5ubuntu1.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-5ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-3",
"3.4.1+ds1-4",
"3.4.1+ds1-5",
"3.4.1+ds1-5ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "rsync",
"binary_version": "3.4.1+ds1-7ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "rsync",
"purl": "pkg:deb/ubuntu/rsync@3.4.1+ds1-7ubuntu0.2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1+ds1-7ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1+ds1-5ubuntu1",
"3.4.1+ds1-6",
"3.4.1+ds1-7"
]
}
],
"aliases": [],
"details": "Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves between the client and proxy or controlling the proxy server to send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address when the RSYNC_PROXY environment variable is set.",
"id": "UBUNTU-CVE-2026-45232",
"modified": "2026-06-16T11:30:17Z",
"published": "2026-05-20T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-45232"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45232"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8283-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8349-3"
}
],
"related": [
"USN-8283-1",
"USN-8349-1",
"USN-8349-2",
"USN-8349-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-45232"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.