Search CVE reports


1 – 10 of 26 results


CVE-2023-45853

Medium priority
Fixed

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE:...

3 affected packages

klibc, rsync, zlib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
klibc Not affected Not affected Not affected Not affected Not affected
rsync Not affected Not affected Not affected Not affected Not affected
zlib Not affected Not affected Not affected Not affected Not affected

CVE-2022-42800

Medium priority
Not affected

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause...

2 affected packages

rsync, zlib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rsync Not affected Not affected Not affected Not affected
zlib Not affected Not affected Not affected Not affected

CVE-2022-37434

Medium priority
Fixed

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle...

3 affected packages

klibc, rsync, zlib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
klibc Fixed Fixed Fixed Fixed Fixed
rsync Not affected Not affected Fixed Fixed Fixed
zlib Not affected Fixed Fixed Fixed Fixed

CVE-2022-29154

Medium priority

Some fixes available 3 of 5

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However,...

1 affected package

rsync

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rsync Fixed Fixed Fixed Ignored

CVE-2018-25032

Medium priority
Fixed

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

5 affected packages

klibc, mariadb-10.3, mariadb-10.6, rsync, zlib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
klibc Fixed Fixed Fixed Fixed Fixed
mariadb-10.3 Not in release Fixed Not in release Ignored
mariadb-10.6 Not in release Fixed Not in release Not in release Ignored
rsync Not affected Not affected Fixed Fixed Fixed
zlib Fixed Fixed Fixed Fixed Fixed

CVE-2020-14387

Medium priority
Not affected

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack...

1 affected package

rsync

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rsync Not affected Not affected Not affected

CVE-2018-5764

Medium priority
Fixed

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

1 affected package

rsync

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rsync Fixed

CVE-2017-17434

Medium priority
Fixed

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply...

1 affected package

rsync

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rsync Fixed

CVE-2017-17433

Medium priority
Fixed

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure,...

1 affected package

rsync

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rsync Fixed

CVE-2017-16548

Low priority

Some fixes available 3 of 4

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and...

1 affected package

rsync

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rsync Fixed