CVE-2017-16548Out-of-bounds Read in Samba Rsync

CWE-125Out-of-bounds ReadCWE-170Improper Null Termination13 documents8 sources
Severity
9.8CRITICALNVD
EPSS
2.9%
top 13.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Samba RsyncCanonical Ubuntu LinuxDebian Linux
Timeline
PublishedNov 6
Latest updateMay 13

Description

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Debiansamba/rsync< 3.1.2-2.1+3
Ubuntusamba/rsync< 3.1.0-2ubuntu0.4+1
NVDsamba/rsync3.1.2

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10

🔴Vulnerability Details

4
GHSA
GHSA-vp2c-23x9-j4wq: The receive_xattr function in xattrs2022-05-13
OSV
rsync vulnerabilities2018-01-23
CVEList
CVE-2017-16548: The receive_xattr function in xattrs2017-11-06
OSV
CVE-2017-16548: The receive_xattr function in xattrs2017-11-06

📋Vendor Advisories

4
Ubuntu
rsync vulnerabilities2018-01-23
Ubuntu
rsync vulnerabilities2018-01-23
Red Hat
rsync: Heap-based buffer over-read in receive_xattr function2017-10-31
Debian
CVE-2017-16548: rsync - The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does...2017

💬Community

4
Bugzilla
CVE-2017-15994 CVE-2017-16548 rsync-bpc: various flaws [fedora-all]2017-11-09
Bugzilla
CVE-2017-16548 rsync: Heap-based buffer over-read in receive_xattr function2017-11-09
Bugzilla
CVE-2017-15994 CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 rsync: various flaws [fedora-all]2017-11-09
Bugzilla
CVE-2017-15994 CVE-2017-16548 rsync-bpc: various flaws [epel-7]2017-11-09