CVE-2006-2083

8 documents7 sources

Severity

7.5HIGH

EPSS

1.5%

top 18.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Andrew Tridgell Rsync

Timeline

PublishedApr 28

Latest updateMay 1

Description

Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianrsync< 2.6.8-1+3

▶NVDandrew_tridgell/rsync8 versions+7

🔴Vulnerability Details

GHSA

GHSA-6vv2-q3g6-6w2x: Integer overflow in the receive_xattr function in the extended attributes patch (xattr↗2022-05-01

▶

CVEList

CVE-2006-2083: Integer overflow in the receive_xattr function in the extended attributes patch (xattr↗2006-04-28

▶

OSV

CVE-2006-2083: Integer overflow in the receive_xattr function in the extended attributes patch (xattr↗2006-04-28

▶

📋Vendor Advisories

Red Hat

CVE-2006-2083 rsync buffer overflow issue↗2006-04-22

▶

Debian

CVE-2006-2083: rsync - Integer overflow in the receive_xattr function in the extended attributes patch ...↗2006

▶

💬Community

Bugzilla

CVE-2006-2083 rsync buffer overflow issue↗2006-04-28

▶

Bugzilla

CVE-2006-2083 rsync buffer overflow issue↗2006-04-28

▶