Description
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.
Published: 2026-05-20
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow in rsync versions up to 3.4.2 allows a remote sender to cause the receiver to read memory outside the intended buffer, revealing process memory such as environment variables, passwords, and library pointers. This leakage undermines ASLR and can facilitate further attacks by exposing secrets and execution addresses.

Affected Systems

RsyncProject rsync versions 3.4.2 and earlier are vulnerable. Organizations using these versions should verify their deployed revision.

Risk and Exploitability

The CVSS score of 6.1 indicates moderate severity. The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is over an open rsync connection, where an attacker crafts a malicious packet to trigger the overflow. Successful exploitation requires network reachability to the rsync service and the ability to send a crafted sync transfer.

Generated by OpenCVE AI on May 20, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade rsync to version 3.4.3 or later to eliminate the integer‑overflow flaw.
  • If an upgrade is not immediately possible, restrict rsync access to trusted hosts only and enforce authentication to reduce the attack surface.
  • Place the rsync service behind a firewall or reverse proxy to restrict exposure and monitor traffic for abnormal packet sizes or patterns that could indicate an attempt to trigger the overflow.

Generated by OpenCVE AI on May 20, 2026 at 02:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4591-1 rsync security update
Debian DSA Debian DSA DSA-6282-1 rsync security update
Ubuntu USN Ubuntu USN USN-8283-1 rsync vulnerabilities
History

Wed, 20 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 20 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Rsync Project
Rsync Project rsync
Vendors & Products Rsync Project
Rsync Project rsync

Wed, 20 May 2026 01:30:00 +0000

Type Values Removed Values Added
Description Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.
Title Rsync < 3.4.3 Integer Overflow Information Disclosure
Weaknesses CWE-125
CWE-190
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}

cvssV4_0

{'score': 6.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Rsync Project Rsync
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-20T13:04:03.282Z

Reserved: 2026-05-01T18:22:45.639Z

Link: CVE-2026-43618

cve-icon Vulnrichment

Updated: 2026-05-20T13:03:58.676Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-20T02:16:36.410

Modified: 2026-05-20T13:58:07.923

Link: CVE-2026-43618

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T10:38:39Z

Weaknesses