VulnerableCode Package Details - pkg:alpm/archlinux/rsync@3.1.3pre1-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-48w1-ugdn-aaab	The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.	CVE-2017-17434
VCID-d3cz-rn67-aaam	The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.	CVE-2017-16548
VCID-ny7m-9nme-aaap	The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.	CVE-2017-17433
VCID-v1mp-fy1y-aaas	rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.	CVE-2017-15994
VCID-xm5a-n949-aaaa	The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.	CVE-2018-5764

Vulnerability

Summary

Aliases

VCID-48w1-ugdn-aaab

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.

CVE-2017-17434

VCID-d3cz-rn67-aaam

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

CVE-2017-16548

VCID-ny7m-9nme-aaap

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.

CVE-2017-17433

VCID-v1mp-fy1y-aaas

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.

CVE-2017-15994

VCID-xm5a-n949-aaaa

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

CVE-2018-5764

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:44:38.421655+00:00	Arch Linux Importer	Fixing	VCID-v1mp-fy1y-aaas	https://security.archlinux.org/AVG-542	36.0.0
2025-03-28T07:44:38.390317+00:00	Arch Linux Importer	Fixing	VCID-d3cz-rn67-aaam	https://security.archlinux.org/AVG-542	36.0.0
2025-03-28T07:44:38.356973+00:00	Arch Linux Importer	Fixing	VCID-ny7m-9nme-aaap	https://security.archlinux.org/AVG-542	36.0.0
2025-03-28T07:44:38.325633+00:00	Arch Linux Importer	Fixing	VCID-48w1-ugdn-aaab	https://security.archlinux.org/AVG-542	36.0.0
2025-03-28T07:44:38.305001+00:00	Arch Linux Importer	Fixing	VCID-xm5a-n949-aaaa	https://security.archlinux.org/AVG-542	36.0.0
2024-09-18T01:59:42.183442+00:00	Arch Linux Importer	Fixing	VCID-v1mp-fy1y-aaas	https://security.archlinux.org/AVG-542	34.0.1
2024-09-18T01:59:42.159865+00:00	Arch Linux Importer	Fixing	VCID-d3cz-rn67-aaam	https://security.archlinux.org/AVG-542	34.0.1
2024-09-18T01:59:42.137221+00:00	Arch Linux Importer	Fixing	VCID-ny7m-9nme-aaap	https://security.archlinux.org/AVG-542	34.0.1
2024-09-18T01:59:42.114242+00:00	Arch Linux Importer	Fixing	VCID-48w1-ugdn-aaab	https://security.archlinux.org/AVG-542	34.0.1
2024-09-18T01:59:42.091449+00:00	Arch Linux Importer	Fixing	VCID-xm5a-n949-aaaa	https://security.archlinux.org/AVG-542	34.0.1
2024-01-03T22:25:57.927834+00:00	Arch Linux Importer	Fixing	VCID-v1mp-fy1y-aaas	https://security.archlinux.org/AVG-542	34.0.0rc1
2024-01-03T22:25:57.903992+00:00	Arch Linux Importer	Fixing	VCID-d3cz-rn67-aaam	https://security.archlinux.org/AVG-542	34.0.0rc1
2024-01-03T22:25:57.878068+00:00	Arch Linux Importer	Fixing	VCID-ny7m-9nme-aaap	https://security.archlinux.org/AVG-542	34.0.0rc1
2024-01-03T22:25:57.851815+00:00	Arch Linux Importer	Fixing	VCID-48w1-ugdn-aaab	https://security.archlinux.org/AVG-542	34.0.0rc1
2024-01-03T22:25:57.827436+00:00	Arch Linux Importer	Fixing	VCID-xm5a-n949-aaaa	https://security.archlinux.org/AVG-542	34.0.0rc1

2025-03-28T07:44:38.421655+00:00

Arch Linux Importer

Fixing