CVE-2026-45232

EUVD-2026-31009
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves between the client and proxy or controlling the proxy server to send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address when the RSYNC_PROXY environment variable is set.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
sambarsync
𝑥
< 3.4.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rsync
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
postponed
bullseye (security)
vulnerable
forky
3.4.4+ds1-1
fixed
sid
3.4.4+ds1-1
fixed
trixie
no-dsa
trixie (security)
vulnerable
Azure Linux logo
Azure Linux Releases
Azure Package
Release
rsync
Azure Linux 3.0
0:3.4.3-1.azl3
fixed