CVE-2025-10158
published 2025-11-18
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:L / A:N
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.
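The advisory names the bug class (a signed index supplied by the peer, bounds-checked only against the upper limit, so a negative value reads before the start of a heap buffer) without showing code. The following is an added illustration written for this page; it is not rsync source, does not reproduce the CVE-2025-10158 code path, and the file-list structure, the function names and the sample wire bytes are all constructed for the example. The little-endian decoding of the peer-sent index is an assumption about the shape of such a protocol field, not a statement about rsync's format.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical heap-allocated table of names, standing in for whatever
 * per-file list a transfer daemon indexes with a peer-supplied number.
 * Constructed for this example; not an rsync data structure. */
struct file_list {
    const char **names;
    int count;
};

/* Build a small list on the heap from constructed sample data. */
struct file_list *file_list_new(void) {
    static const char *sample[] = { "a.txt", "b.txt", "c.txt", "d.txt" };
    struct file_list *fl = malloc(sizeof *fl);
    fl->count = (int)(sizeof sample / sizeof sample[0]);
    fl->names = malloc(sizeof(const char *) * (size_t)fl->count);
    memcpy(fl->names, sample, sizeof sample);
    return fl;
}

void file_list_free(struct file_list *fl) {
    free(fl->names);
    free(fl);
}

/* Assumed wire encoding for the example: a 4-byte little-endian int32
 * sent by the receiving peer. All 0xff bytes decode to -1. */
int32_t read_int32_le(const uint8_t b[4]) {
    uint32_t u = (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
                 ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
    return (int32_t)u;
}

/* Vulnerable shape: only the upper bound is checked, so any negative
 * index passes and fl->names[ndx] would read before the allocation. */
int index_ok_vuln(const struct file_list *fl, int32_t ndx) {
    return ndx < fl->count;
}

/* Hardened shape: reject negative values before the table is touched
 * (equivalently, carry the index as an unsigned type and check once). */
int index_ok_fixed(const struct file_list *fl, int32_t ndx) {
    return ndx >= 0 && ndx < fl->count;
}

/* Lookup that only ever dereferences through the hardened check.
 * Returns NULL for any out-of-range index instead of reading past bounds. */
const char *lookup_fixed(const struct file_list *fl, int32_t ndx) {
    if (!index_ok_fixed(fl, ndx))
        return NULL;
    return fl->names[ndx];
}

int main(void) {
    struct file_list *fl = file_list_new();
    const uint8_t wire[4] = { 0xff, 0xff, 0xff, 0xff }; /* constructed: peer sends -1 */
    int32_t ndx = read_int32_le(wire);

    printf("peer index %d: upper-bound-only check %s, two-sided check %s\n",
           ndx,
           index_ok_vuln(fl, ndx) ? "accepts" : "rejects",
           index_ok_fixed(fl, ndx) ? "accepts" : "rejects");

    const char *name = lookup_fixed(fl, ndx);
    printf("lookup_fixed(%d) -> %s\n", ndx, name ? name : "NULL (rejected)");

    file_list_free(fl);
    return 0;
}
```

The practitioner's check is the same regardless of the program: every index that crosses the trust boundary from the peer must be validated on both sides before it selects memory, and the validation belongs in the daemon, because the CVSS vector (PR:L) says the attacker is an authenticated client with read access to a module, which is exactly the population an rsync daemon is meant to serve. Upgrading to a fixed package and limiting which hosts and users can reach the module are the mitigations the advisory data supports.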
Affected (15 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rsync | < rsync 3.2.7-1+deb12u4 (bookworm) | rsync 3.2.7-1+deb12u4 (bookworm) |
| msrc | azl3_rsync_3.4.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_rsync_3.4.1-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_rsync_3.4.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_rsync_3.4.1-2_on_cbl_mariner_2.0 | — | — |
| rsync | rsync | <= 3.4.1 | — |
| samba | rsync | >= 0 < 3.4.1-r1 | 3.4.1-r1 |
| samba | rsync | >= 0 < 3.4.1-r1 | 3.4.1-r1 |
| samba | rsync | >= 0 < 3.4.1-r1 | 3.4.1-r1 |
| samba | rsync | >= 0 < 3.4.1-r1 | 3.4.1-r1 |
| samba | rsync | >= 0 < 3.4.1-r1 | 3.4.1-r1 |
| samba | rsync | >= 0 < 3.2.7-1+deb12u4 | 3.2.7-1+deb12u4 |
| samba | rsync | >= 0 < 3.4.1+ds1-5+deb13u1 | 3.4.1+ds1-5+deb13u1 |
| samba | rsync | >= 0 < 3.4.1+ds1-7 | 3.4.1+ds1-7 |
| ubuntu | rsync | — | — |
CVSS provenance
nvd: CVSS v3.1, 4.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
osv: 4.3 MEDIUM