Rsyncproject Rsync
6 CVEs affecting Rsyncproject Rsync. Latest disclosed: 2026-05-20. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-43618 | High | 8.1 | 2026-05-20 | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overfl… |
CVE-2026-29518 | High | 7.0 | 2026-05-20 | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file write… |
CVE-2026-43620 | Medium | 6.5 | 2026-05-20 | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server… |
CVE-2026-43619 | Medium | 6.3 | 2026-05-20 | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir… |
CVE-2026-43617 | Medium | 4.8 | 2026-05-20 | Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configure… |
CVE-2026-45232 | Low | 3.1 | 2026-05-20 | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows… |