CVE-2017-16548
published 2017-11-06
critical 9.8 CVSS 3.1
AV:N AC:L PR:N UI:N S:U C:H I:H A:H
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | rsync | < rsync 3.1.2-2.1 (bookworm) | rsync 3.1.2-2.1 (bookworm) |
| samba | rsync | <= 3.1.2 | — |
| samba | rsync | >= 0 < 3.1.2-2.1 | 3.1.2-2.1 |
| samba | rsync | >= 0 < 3.1.2-2.1 | 3.1.2-2.1 |
| samba | rsync | >= 0 < 3.1.2-2.1 | 3.1.2-2.1 |
| samba | rsync | >= 0 < 3.1.2-2.1 | 3.1.2-2.1 |
| samba | rsync | >= 0 < 3.1.0-2ubuntu0.4 | 3.1.0-2ubuntu0.4 |
| samba | rsync | >= 0 < 3.1.1-3ubuntu1.2 | 3.1.1-3ubuntu1.2 |
CVSS provenance
nvd v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv 9.8 CRITICAL