CVE-2017-16548

Published: 06/11/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote malicious users to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

Vulnerable Product

samba rsync

debian debian linux 8.0

debian debian linux 7.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

debian debian linux 9.0

canonical ubuntu linux 12.04

canonical ubuntu linux 17.10

Vendor Advisories

Several security issues were fixed in rsync ...
Debian Bug report logs - #880954 rsync: CVE-2017-16548: receive_xattr heap overread with non null terminated name Package: src:rsync; Maintainer for src:rsync is Paul Slootman <paul@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 6 Nov 2017 09:27:02 UTC Severity: important Tags: fixed-u ...
Debian Bug report logs - #883667 rsync: CVE-2017-17433 Package: src:rsync; Maintainer for src:rsync is Paul Slootman <paul@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 6 Dec 2017 10:03:05 UTC Severity: important Tags: patch, security, upstream Found in versions rsync/3.1.1-1, rsync/ ...
Debian Bug report logs - #883665 rsync: CVE-2017-17434 Package: src:rsync; Maintainer for src:rsync is Paul Slootman <paul@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 6 Dec 2017 09:57:09 UTC Severity: important Tags: patch, security, upstream Found in versions rsync/3.1.1-1, rsync/ ...
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon ...