Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main

Type apk

Namespace alpine

Name rsync

Version 3.4.3-r0

Qualifiers

arch	armhf
distroversion	v3.21
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2c6b-ufgq-fbcw

vulnerability_id VCID-2c6b-ufgq-fbcw

summary rsync: rsync: Hostname-based ACL bypass in daemon chroot configuration

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43617.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43617.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-43617

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02401
published_at	2026-06-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02512
published_at	2026-06-05T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02514
published_at	2026-06-06T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02456
published_at	2026-06-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02441
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-43617

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43617
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43617

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2469060
reference_id	2469060
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2469060

reference_url

https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f

reference_id

GHSA-rjfm-3w2m-jf4f

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:24:57Z/

url

https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f

reference_url

https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution

reference_id

rsync-authorization-bypass-via-hostname-resolution

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:24:57Z/

url

https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution

reference_url	https://usn.ubuntu.com/8283-1/
reference_id	USN-8283-1
reference_type
scores
url	https://usn.ubuntu.com/8283-1/

reference_url	https://usn.ubuntu.com/8349-1/
reference_id	USN-8349-1
reference_type
scores
url	https://usn.ubuntu.com/8349-1/

reference_url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

reference_id

v3.4.3

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:24:57Z/

url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

fixed_packages

url	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rsync@3.4.3-r0%3Farch=armhf&distroversion=v3.21&reponame=main

aliases CVE-2026-43617

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c6b-ufgq-fbcw

url VCID-7w3c-s3ph-v7fk

vulnerability_id VCID-7w3c-s3ph-v7fk

summary rsync: Rsync: Denial of Service via malformed HTTP proxy response

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45232.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45232.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-45232

reference_id

reference_type

scores

value	0.00043
scoring_system	epss
scoring_elements	0.13316
published_at	2026-06-09T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13402
published_at	2026-06-05T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13407
published_at	2026-06-06T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13366
published_at	2026-06-07T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13286
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-45232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45232

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2480057
reference_id	2480057
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2480057

reference_url

https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8

reference_id

GHSA-8f85-j2cv-59m8

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:30:10Z/

url

https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8

reference_url

https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy

reference_id

rsync-off-by-one-stack-write-via-http-proxy

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:30:10Z/

url

https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy

reference_url	https://usn.ubuntu.com/8283-1/
reference_id	USN-8283-1
reference_type
scores
url	https://usn.ubuntu.com/8283-1/

reference_url	https://usn.ubuntu.com/8349-1/
reference_id	USN-8349-1
reference_type
scores
url	https://usn.ubuntu.com/8349-1/

reference_url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

reference_id

v3.4.3

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:30:10Z/

url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

fixed_packages

url	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rsync@3.4.3-r0%3Farch=armhf&distroversion=v3.21&reponame=main

aliases CVE-2026-45232

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7w3c-s3ph-v7fk

url VCID-be1r-cmk6-dyb9

vulnerability_id VCID-be1r-cmk6-dyb9

summary rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29518.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29518.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-29518

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.0091
published_at	2026-06-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00912
published_at	2026-06-07T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00911
published_at	2026-06-06T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00908
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-29518

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29518
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29518

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://michael.stapelberg.ch/posts/2026-05-24-minimal-memory-safe-go-rsync-vulns/

reference_id

2026-05-24-minimal-memory-safe-go-rsync-vulns

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/

url

https://michael.stapelberg.ch/posts/2026-05-24-minimal-memory-safe-go-rsync-vulns/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2469055
reference_id	2469055
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2469055

reference_url

https://github.com/RsyncProject/rsync/pull/895/changes/8471fdd1561049ef5f58df44a1811a50bd9a531d

reference_id

8471fdd1561049ef5f58df44a1811a50bd9a531d

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/

url

https://github.com/RsyncProject/rsync/pull/895/changes/8471fdd1561049ef5f58df44a1811a50bd9a531d

reference_url

https://www.vulncheck.com/advisories/rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write

reference_id

rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/

url

https://www.vulncheck.com/advisories/rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write

reference_url	https://usn.ubuntu.com/8283-1/
reference_id	USN-8283-1
reference_type
scores
url	https://usn.ubuntu.com/8283-1/

reference_url	https://usn.ubuntu.com/8349-1/
reference_id	USN-8349-1
reference_type
scores
url	https://usn.ubuntu.com/8349-1/

reference_url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

reference_id

v3.4.3

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/

url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

fixed_packages

url	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rsync@3.4.3-r0%3Farch=armhf&distroversion=v3.21&reponame=main

aliases CVE-2026-29518

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be1r-cmk6-dyb9

url VCID-f9zn-2jhn-jqg4

vulnerability_id VCID-f9zn-2jhn-jqg4

summary rsync: rsync: Symlink race vulnerability allows unauthorized file operations

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43619.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43619.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-43619

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00531
published_at	2026-06-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00534
published_at	2026-06-06T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00532
published_at	2026-06-07T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00528
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-43619

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43619
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43619

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2469058
reference_id	2469058
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2469058

reference_url

https://github.com/RsyncProject/rsync/security/advisories/GHSA-4h9m-w5ff-j735

reference_id

GHSA-4h9m-w5ff-j735

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:09:05Z/

url

https://github.com/RsyncProject/rsync/security/advisories/GHSA-4h9m-w5ff-j735

reference_url

https://www.vulncheck.com/advisories/rsync-symlink-race-condition-via-path-based-syscalls

reference_id

rsync-symlink-race-condition-via-path-based-syscalls

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:09:05Z/

url

https://www.vulncheck.com/advisories/rsync-symlink-race-condition-via-path-based-syscalls

reference_url	https://usn.ubuntu.com/8283-1/
reference_id	USN-8283-1
reference_type
scores
url	https://usn.ubuntu.com/8283-1/

reference_url	https://usn.ubuntu.com/8349-1/
reference_id	USN-8349-1
reference_type
scores
url	https://usn.ubuntu.com/8349-1/

reference_url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

reference_id

v3.4.3

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:09:05Z/

url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

fixed_packages

url	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rsync@3.4.3-r0%3Farch=armhf&distroversion=v3.21&reponame=main

aliases CVE-2026-43619

risk_score 3.2

exploitability 0.5

weighted_severity 6.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f9zn-2jhn-jqg4

url VCID-vfqu-z1s4-mfa2

vulnerability_id VCID-vfqu-z1s4-mfa2

summary rsync: rsync: Remote Denial of Service via Out-of-bounds Read

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43620.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43620.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-43620

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.04206
published_at	2026-06-09T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.0422
published_at	2026-06-05T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04219
published_at	2026-06-06T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04208
published_at	2026-06-07T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04182
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-43620

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43620
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43620

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2469057
reference_id	2469057
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2469057

reference_url

https://github.com/RsyncProject/rsync/security/advisories/GHSA-28pw-r563-rxvm

reference_id

GHSA-28pw-r563-rxvm

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:11:42Z/

url

https://github.com/RsyncProject/rsync/security/advisories/GHSA-28pw-r563-rxvm

reference_url

https://www.vulncheck.com/advisories/rsync-out-of-bounds-array-read-via-recv-files

reference_id

rsync-out-of-bounds-array-read-via-recv-files

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:11:42Z/

url

https://www.vulncheck.com/advisories/rsync-out-of-bounds-array-read-via-recv-files

reference_url	https://usn.ubuntu.com/8283-1/
reference_id	USN-8283-1
reference_type
scores
url	https://usn.ubuntu.com/8283-1/

reference_url	https://usn.ubuntu.com/8349-1/
reference_id	USN-8349-1
reference_type
scores
url	https://usn.ubuntu.com/8349-1/

reference_url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

reference_id

v3.4.3

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:11:42Z/

url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

fixed_packages

url	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rsync@3.4.3-r0%3Farch=armhf&distroversion=v3.21&reponame=main

aliases CVE-2026-43620

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfqu-z1s4-mfa2

url VCID-wc4u-jz1n-eff9

vulnerability_id VCID-wc4u-jz1n-eff9

summary rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43618.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43618.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-43618

reference_id

reference_type

scores

value	0.00056
scoring_system	epss
scoring_elements	0.17864
published_at	2026-06-09T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17961
published_at	2026-06-05T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17958
published_at	2026-06-06T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17921
published_at	2026-06-07T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17846
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-43618

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2469054
reference_id	2469054
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2469054

reference_url

https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq

reference_id

GHSA-g37v-g3gj-pmwq

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	6.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:03:53Z/

url

https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq

reference_url

https://www.vulncheck.com/advisories/rsync-integer-overflow-information-disclosure

reference_id

rsync-integer-overflow-information-disclosure

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	6.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:03:53Z/

url

https://www.vulncheck.com/advisories/rsync-integer-overflow-information-disclosure

reference_url	https://usn.ubuntu.com/8283-1/
reference_id	USN-8283-1
reference_type
scores
url	https://usn.ubuntu.com/8283-1/

reference_url	https://usn.ubuntu.com/8349-1/
reference_id	USN-8349-1
reference_type
scores
url	https://usn.ubuntu.com/8349-1/

reference_url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

reference_id

v3.4.3

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	6.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:03:53Z/

url

https://github.com/RsyncProject/rsync/releases/tag/v3.4.3

fixed_packages

url	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/rsync@3.4.3-r0?arch=armhf&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rsync@3.4.3-r0%3Farch=armhf&distroversion=v3.21&reponame=main

aliases CVE-2026-43618

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4u-jz1n-eff9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rsync@3.4.3-r0%3Farch=armhf&distroversion=v3.21&reponame=main

Package Instance