Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-16548

UNKNOWN
Published 2017-11-06T05:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-16548. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-vp2c-23x9-j4wq

Advisory Details

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-16548
WEB https://bugzilla.samba.org/show_bug.cgi?id=13112
WEB https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
WEB https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
WEB https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html
WEB https://usn.ubuntu.com/3543-1
WEB https://usn.ubuntu.com/3543-2
WEB https://www.debian.org/security/2017/dsa-4068

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: April 20, 2025

References

https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
https://bugzilla.samba.org/show_bug.cgi?id=13112
https://usn.ubuntu.com/3543-1/
https://www.debian.org/security/2017/dsa-4068
https://usn.ubuntu.com/3543-2/
https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html
Published: 2017-11-06T05:00:00
Last Modified: 2024-08-05T20:27:03.804Z
Copied to clipboard!