Vulnerability details: VCID-d3cz-rn67-aaam
Vulnerability ID VCID-d3cz-rn67-aaam
Aliases CVE-2017-16548
Summary The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16548.html
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16548.json
epss 0.03341 https://api.first.org/data/v1/epss?cve=CVE-2017-16548
epss 0.03513 https://api.first.org/data/v1/epss?cve=CVE-2017-16548
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-16548
epss 0.11005 https://api.first.org/data/v1/epss?cve=CVE-2017-16548
epss 0.11767 https://api.first.org/data/v1/epss?cve=CVE-2017-16548
epss 0.12638 https://api.first.org/data/v1/epss?cve=CVE-2017-16548
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1511411
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434
cvssv3 3.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-16548
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-16548
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-16548
archlinux Critical https://security.archlinux.org/AVG-542
generic_textual Medium https://ubuntu.com/security/notices/USN-3543-1
generic_textual Medium https://ubuntu.com/security/notices/USN-3543-2
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16548.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16548.json
https://api.first.org/data/v1/epss?cve=CVE-2017-16548
https://bugzilla.samba.org/show_bug.cgi?id=13112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html
https://ubuntu.com/security/notices/USN-3543-1
https://ubuntu.com/security/notices/USN-3543-2
https://usn.ubuntu.com/3543-1/
https://usn.ubuntu.com/3543-2/
https://www.debian.org/security/2017/dsa-4068
1511411 https://bugzilla.redhat.com/show_bug.cgi?id=1511411
880954 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880954
ASA-201801-21 https://security.archlinux.org/ASA-201801-21
AVG-542 https://security.archlinux.org/AVG-542
cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2017-16548 https://nvd.nist.gov/vuln/detail/CVE-2017-16548
GLSA-201801-16 https://security.gentoo.org/glsa/201801-16
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16548.json
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-16548
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-16548
Exploit Prediction Scoring System (EPSS)
Percentile 0.86683
EPSS Score 0.03341
Published At May 23, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.