CVE-2018-5764
published 2018-01-17CVE-2018-5764: The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to…
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | rsync | < rsync 3.1.2-2.2 (bookworm) | rsync 3.1.2-2.2 (bookworm) |
| samba | rsync | < 3.1.3 | 3.1.3 |
| samba | rsync | >= 0 < 3.1.2-2.2 | 3.1.2-2.2 |
| samba | rsync | >= 0 < 3.1.2-2.2 | 3.1.2-2.2 |
| samba | rsync | >= 0 < 3.1.2-2.2 | 3.1.2-2.2 |
| samba | rsync | >= 0 < 3.1.2-2.2 | 3.1.2-2.2 |
| samba | rsync | >= 0 < 3.1.0-2ubuntu0.4 | 3.1.0-2ubuntu0.4 |
| samba | rsync | >= 0 < 3.1.1-3ubuntu1.2 | 3.1.1-3ubuntu1.2 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv9.8CRITICAL