Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-twpz-szrq-4ug3
Vulnerability ID VCID-twpz-szrq-4ug3
Aliases CVE-2008-1720
Summary Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.
Status Published
Exploitability 0.5
Weighted Severity 0.1
Risk 0.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
epss 0.08442 https://api.first.org/data/v1/epss?cve=CVE-2008-1720
epss 0.08442 https://api.first.org/data/v1/epss?cve=CVE-2008-1720
epss 0.08442 https://api.first.org/data/v1/epss?cve=CVE-2008-1720
epss 0.08442 https://api.first.org/data/v1/epss?cve=CVE-2008-1720
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1720.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1720
441683 https://bugzilla.redhat.com/show_bug.cgi?id=441683
GLSA-200804-16 https://security.gentoo.org/glsa/200804-16
USN-600-1 https://usn.ubuntu.com/600-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.92489
EPSS Score 0.08442
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:10:03.163613+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0