CVE-2026-43618

EUVD-2026-31011
Rsync versions 3.4.2 and earlier contain an integer overflow vulnerability in the compressed-token decoder: a 32-bit signed counter is not checked for overflow, so a malicious sender can trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. An attacker can exploit this to disclose process memory contents, including environment variables, passwords, heap and stack data, and library memory pointers, which significantly reduces the effectiveness of ASLR and facilitates further exploitation.
CVSS 3.x Base Score

Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  8.1 HIGH    NETWORK      LOW              LOW             CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Score: Percentile 51%
Affected Products (NVD)

Vendor  Product  Version
samba   rsync    x <= 3.4.2

x = Vulnerable software versions
Debian Releases

Debian Product  Codename             Version               Status
rsync           bookworm                                   vulnerable
rsync           bookworm (security)  3.2.7-1+deb12u5       fixed
rsync           bullseye                                   vulnerable
rsync           bullseye (security)  3.2.3-4+deb11u4       fixed
rsync           forky                3.4.4+ds1-1           fixed
rsync           sid                  3.4.4+ds1-1           fixed
rsync           trixie                                     vulnerable
rsync           trixie (security)    3.4.1+ds1-5+deb13u3   fixed
Red Hat Enterprise Linux Releases

Red Hat Product  Release  Version              Status
rsync            RHEL 8   0:3.1.3-27.el8_10    fixed
rsync            RHEL 9   0:3.2.5-7.el9_8.2    fixed
rsync-daemon     RHEL 8   0:3.1.3-27.el8_10    fixed
rsync-daemon     RHEL 9   0:3.2.5-7.el9_8.2    fixed
rsync-rrsync     RHEL 9   0:3.2.5-7.el9_8.2    fixed
Amazon Linux Releases

Amazon Package     Release            Version                  Status
rsync              Amazon Linux 2     0:3.1.2-11.amzn2.0.7     fixed
rsync              Amazon Linux 2023  0:3.4.0-1.amzn2023.0.4   fixed
rsync-daemon       Amazon Linux 2023  0:3.4.0-1.amzn2023.0.4   fixed
rsync-debuginfo    Amazon Linux 2     0:3.1.2-11.amzn2.0.7     fixed
rsync-debuginfo    Amazon Linux 2023  0:3.4.0-1.amzn2023.0.4   fixed
rsync-debugsource  Amazon Linux 2023  0:3.4.0-1.amzn2023.0.4   fixed
Azure Linux Releases

Azure Package  Release          Version         Status
rsync          Azure Linux 3.0  0:3.4.3-1.azl3  fixed