Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-16548

Опубликовано: 31 окт. 2017
Источник: redhat
CVSS3: 6.5

Описание

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

Отчет

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5rsyncWill not fix
Red Hat Enterprise Linux 6rsyncWill not fix
Red Hat Enterprise Linux 7rsyncWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-170
https://bugzilla.redhat.com/show_bug.cgi?id=1511411rsync: Heap-based buffer over-read in receive_xattr function

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-16548

CVSS3: 9.8
ubuntu
больше 8 лет назад

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

nvd логотип

CVE-2017-16548

CVSS3: 9.8
nvd
больше 8 лет назад

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

debian логотип

CVE-2017-16548

CVSS3: 9.8
debian
больше 8 лет назад

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-develo ...

github логотип

GHSA-vp2c-23x9-j4wq

CVSS3: 9.8
github
больше 3 лет назад

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

fstec логотип

BDU:2021-01395

CVSS3: 9.8
fstec
больше 8 лет назад

Уязвимость функции receive_xattr в xattrs.c утилиты для передачи и синхронизации файлов Rsync, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

6.5 Medium

CVSS3