CVE-2017-16548

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-16548

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16548.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-16548

Related

Published

2017-11-06T05:29:00Z

Modified

2024-09-18T02:50:47.902450Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

References

Affected packages

Alpine:v3.10 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.11 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.12 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.13 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.14 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.15 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.16 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.17 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.18 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.19 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.20 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.4 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r3

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

Alpine:v3.5 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r3

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

Alpine:v3.6 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r6

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

Alpine:v3.7 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.8 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Alpine:v3.9 / rsync

Package

Name: rsync
Purl: pkg:apk/alpine/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-r7

Affected versions

3.*

3.0.5-r0

3.0.6-r0

3.0.6-r1

3.0.7-r0

3.0.7-r1

3.0.8-r0

3.0.9-r0

3.0.9-r1

3.1.0-r0

3.1.1-r0

3.1.1-r1

3.1.1-r2

3.1.2-r2

3.1.2-r3

3.1.2-r4

3.1.2-r5

3.1.2-r6

Debian:11 / rsync

Package

Name: rsync
Purl: pkg:deb/debian/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rsync

Package

Name: rsync
Purl: pkg:deb/debian/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rsync

Package

Name: rsync
Purl: pkg:deb/debian/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / git.samba.org/rsync.git

Affected ranges

Type: GIT
Repo: https://git.samba.org/rsync.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

16b49716d55a50f2e985b879b720b2c53c892a3a

Affected versions

Other

mbp_bk_export0

v1.*

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.6.9

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.7.4

v2.*

v2.0.0

v2.0.1

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.17

v2.0.18

v2.0.19

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7pre2

v2.4.7pre4

v2.5.0

v2.5.1

v2.5.1pre1

v2.5.1pre2

v2.5.1pre3

v2.5.2

v2.5.2pre1

v2.5.2pre2

v2.5.2pre3

v2.5.3

v2.5.3pre1

v2.5.4

v2.5.4pre1

v2.5.5

v2.5.5.rc1

v2.5.6

v2.6.0

v2.6.0pre1

v2.6.0pre2

v2.6.1

v2.6.1pre1

v2.6.1pre2

v2.6.2

v2.6.2pre1

v2.6.3

v2.6.3pre1

v2.6.3pre2

v2.6.4

v2.6.4pre1

v2.6.4pre2

v2.6.4pre3

v2.6.4pre4

v2.6.5

v2.6.5pre1

v2.6.5pre2

v2.6.6pre1

v2.6.7

v2.6.7pre1

v2.6.7pre2

v2.6.7pre3

v2.6.8

v2.6.8pre1

v2.6.9

v2.6.9pre1

v2.6.9pre2

v2.6.9pre3

v3.*

v3.0.0

v3.0.0pre1

v3.0.0pre10

v3.0.0pre2

v3.0.0pre3

v3.0.0pre4

v3.0.0pre5

v3.0.0pre6

v3.0.0pre7

v3.0.0pre8

v3.0.0pre9

v3.0.1

v3.0.1pre1

v3.0.1pre2

v3.0.1pre3

v3.0.2

v3.0.3

v3.0.3pre1

v3.0.3pre2

v3.0.3pre3

v3.1.0

v3.1.0pre1

v3.1.1

v3.1.1pre1

v3.1.1pre2

v3.1.2

v3.1.2pre1