Описание
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 3.3.0+ds1-4 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | released | 3.2.7-0ubuntu0.22.04.3 |
| noble | released | 3.2.7-1ubuntu1.1 |
| oracular | released | 3.3.0-1ubuntu0.1 |
| trusty/esm | not-affected | code not present |
Показывать по
Ссылки на источники
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
Rsync: heap buffer overflow in rsync due to improper checksum length handling
A heap-based buffer overflow flaw was found in the rsync daemon. This ...
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
EPSS
9.8 Critical
CVSS3