CVE-2011-1097 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba Rsync

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources

Severity

5.1MEDIUMNVD

EPSS

1.6%

top 18.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Rsync

Timeline

PublishedMar 30

Latest updateMay 17

Description

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶Debiansamba/rsync< 3.0.8+3

▶NVDsamba/rsync8 versions+7

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-rp4c-gxm3-wmf6: rsync 3↗2022-05-17

▶

CVEList

CVE-2011-1097: rsync 3↗2011-03-30

▶

OSV

CVE-2011-1097: rsync 3↗2011-03-30

▶

📋Vendor Advisories

Ubuntu

rsync vulnerability↗2011-04-27

▶

Red Hat

rsync: Incremental file-list corruption due to temporary file_extra_cnt increments↗2011-03-26

▶

Debian

CVE-2011-1097: rsync - rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options ...↗2011

▶

💬Community

Bugzilla

CVE-2011-1097 rsync: Incremental file-list corruption due to temporary file_extra_cnt increments↗2011-02-04

▶