In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka –xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rsync | Samba | 3.0.1 (including) | 3.4.1 (including) |
| Red Hat Enterprise Linux 10 | RedHat | rsync-0:3.4.1-6.el10_2 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | rsync-0:3.4.1-2.el10_0.2 | * |
| Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | RedHat | rsync-0:3.0.6-12.el6_10.3 | * |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | rsync-0:3.1.2-12.el7_9.3 | * |
| Red Hat Enterprise Linux 8 | RedHat | rsync-0:3.1.3-25.el8_10 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | rsync-0:3.1.3-12.el8_4.7 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | rsync-0:3.1.3-12.el8_4.7 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | rsync-0:3.1.3-14.el8_6.10 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On | RedHat | rsync-0:3.1.3-14.el8_6.10 | * |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | rsync-0:3.1.3-20.el8_8.5 | * |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | rsync-0:3.1.3-20.el8_8.5 | * |
| Red Hat Enterprise Linux 9 | RedHat | rsync-0:3.2.5-7.el9_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | rsync-0:3.2.5-7.el9_8 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | rsync-0:3.2.3-9.el9_0.5 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | rsync-0:3.2.3-19.el9_2.3 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | rsync-0:3.2.3-19.el9_4.3 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | rsync-0:3.2.5-3.el9_6.1 | * |
| Red Hat OpenShift Container Platform 4.13 | RedHat | rhcos-413.92.202606160406-0 | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | rhcos-414.92.202606231112-0 | * |
| Red Hat OpenShift Container Platform 4.15 | RedHat | rhcos-415.92.202606030318-0 | * |
| Red Hat OpenShift Container Platform 4.16 | RedHat | rhcos-416.94.202606051757-0 | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | rhcos-417.94.202606250942-0 | * |
| Red Hat OpenShift Container Platform 4.18 | RedHat | rhcos-418.94.202606051320-0 | * |
| Red Hat OpenShift Container Platform 4.19 | RedHat | rhcos-4.19.9.6.202606031700-0 | * |
| Red Hat Discovery 2 | RedHat | discovery/discovery-ui-rhel9:1782166952 | * |
| Rsync | Ubuntu | devel | * |
| Rsync | Ubuntu | esm-infra-legacy/trusty | * |
| Rsync | Ubuntu | esm-infra-legacy/xenial | * |
| Rsync | Ubuntu | esm-infra/bionic | * |
| Rsync | Ubuntu | esm-infra/focal | * |
| Rsync | Ubuntu | esm-infra/xenial | * |
| Rsync | Ubuntu | jammy | * |
| Rsync | Ubuntu | noble | * |
| Rsync | Ubuntu | questing | * |
| Rsync | Ubuntu | resolute | * |