CVEFinder.io

CVE-2026-43618

⚠️ high
🔍 Scan for this CVE
Summary

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly red

Description

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.

CVSS Score
8.1
High
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-20
First Seen: 2026-05-21
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 77.4% of all 329,456 vulnerabilities in our database.

#74,337
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 20, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
🏆 Discovered By
Omar Elsayed (@seks99x)
SSVC data provided by CISA
Last Modified 2026-05-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-125 CWE-190

📦 Affected Products 1

Vendor Product Status Affected Versions
samba rsync Affected
< 3.4.2

🔗 References 3

https://github.com/RsyncProject/rsync/releases/tag/v...
Release Notes
https://github.com/RsyncProject/rsync/security/advis...
Vendor Advisory
https://www.vulncheck.com/advisories/rsync-integer-o...
Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-43617 🔶 medium 4.8 0.0 Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access... 2026-05-20
CVE-2026-43619 🔶 medium 6.3 0.0 Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod... 2026-05-20
CVE-2026-43620 🔶 medium 6.5 0.0 Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receive... 2026-05-20
CVE-2026-45232 ℹ️ low 3.1 0.0 Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connect... 2026-05-20
CVE-2026-29518 ⚠️ high 7.0 0.0 Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that ... 2026-05-20
CVE-2026-41035 ⚠️ high 7.4 0.0 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiv... 2026-04-16
These CVEs affect the same products