CVE-2025-10158Improper Validation of Array Index in Rsync

CWE-129Improper Validation of Array Index9 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 82.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samba RsyncRsync
Timeline
PublishedNov 18

Description

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

Alpinesamba/rsync< 3.4.1-r1+4
Debiansamba/rsync< 3.2.7-1+deb12u4+2
CVEListV5rsync/rsync3.4.1

🔴Vulnerability Details

4
GHSA
GHSA-3rvc-qcwh-fhqv: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array ind2025-11-18
OSV
CVE-2025-10158: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array ind2025-11-18
CVEList
Rsync: Out of bounds array access via negative index2025-11-18
OSV
CVE-2025-10158: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array ind2025-11-18

📋Vendor Advisories

3
Red Hat
rsync: Rsync: Out of bounds array access via negative index2025-11-18
Microsoft
Rsync: Out of bounds array access via negative index2025-11-11
Debian
CVE-2025-10158: rsync - A malicious client acting as the receiver of an rsync file transfer can trigger ...2025

💬Community

1
Bugzilla
CVE-2025-10158 rsync: Rsync: Out of bounds array access via negative index2025-11-18