CVE-2008-1720 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba Rsync

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound9 documents8 sources

Severity

7.5HIGHNVD

EPSS

8.4%

top 7.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Rsync

Timeline

PublishedApr 10

Latest updateMay 1

Description

Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debiansamba/rsync< 3.0.2-1+3

▶NVDsamba/rsync33 versions+32

Patches

Patch: rsync.samba.org ↗Patch: samba.anu.edu.au ↗Patch: rsync.samba.org ↗

🔴Vulnerability Details

GHSA

GHSA-m92h-xg74-c2hm: Buffer overflow in rsync 2↗2022-05-01

▶

OSV

CVE-2008-1720: Buffer overflow in rsync 2↗2008-04-10

▶

CVEList

CVE-2008-1720: Buffer overflow in rsync 2↗2008-04-10

▶

📋Vendor Advisories

Ubuntu

rsync vulnerability↗2008-04-11

▶

Red Hat

rsync: integer overflow in xattr handling↗2008-04-08

▶

Debian

CVE-2008-1720: rsync - Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support...↗2008

▶

💬Community

Bugzilla

CVE-2008-4359 lighttpd: bypass of rewrite/redirect rules using encoded urls↗2008-10-06

▶

Bugzilla

CVE-2008-1720 rsync: integer overflow in xattr handling↗2008-04-09

▶