VulnerableCode Package Details - pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-3dkg-bayv-aaaf Aliases: CVE-2016-9842	The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.	3.1.3-6 Affected by 0 other vulnerabilities.
VCID-44cr-pxwm-aaaq Aliases: CVE-2016-9843	The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.	3.1.3-6 Affected by 0 other vulnerabilities.
VCID-u4ce-pwp5-aaad Aliases: CVE-2016-9841		3.1.3-6 Affected by 0 other vulnerabilities.
VCID-yeuu-f11j-aaar Aliases: CVE-2016-9840	inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.	3.1.3-6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3dkg-bayv-aaaf
Aliases:
CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

3.1.3-6
Affected by 0 other vulnerabilities.

VCID-44cr-pxwm-aaaq
Aliases:
CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

3.1.3-6
Affected by 0 other vulnerabilities.

VCID-u4ce-pwp5-aaad
Aliases:
CVE-2016-9841

3.1.3-6
Affected by 0 other vulnerabilities.

VCID-yeuu-f11j-aaar
Aliases:
CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

3.1.3-6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-d3cz-rn67-aaam	The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.	CVE-2017-16548
VCID-xm5a-n949-aaaa	The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.	CVE-2018-5764

Vulnerability

Summary

Aliases

VCID-d3cz-rn67-aaam

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

CVE-2017-16548

VCID-xm5a-n949-aaaa

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

CVE-2018-5764

Next non-vulnerable version	3.1.3-6
Latest non-vulnerable version	3.1.3-6
Risk	4.5