rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.
Max CVSS
5.1
EPSS Score
2.03%
Published
2011-03-30
Updated
2023-02-13
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
7.5
EPSS Score
7.17%
Published
2008-04-10
Updated
2023-02-13
2 vulnerabilities found