CVE-2025-67901

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-67901
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67901.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67901
Published
2025-12-15T00:15:40.227Z
Modified
2026-03-13T03:42:21.927694Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p->rem and p->len is not checked.

References

Affected packages

Git / github.com/kristapsdz/openrsync

Affected ranges

Type
GIT
Repo
https://github.com/kristapsdz/openrsync
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
22b37c9ae3cf63e5788bfe28dc4baa0ea33abb6f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.5.0"
        }
    ]
}

Affected versions

Other
VERSION_0
VERSION_0_1_0
VERSION_0_2_0
VERSION_0_3_0
VERSION_0_4_0
VERSION_0_5_0

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.8"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67901.json"