JLSEC-2026-625

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-625.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-625.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-625
Upstream
  • EUVD-2025-198005
  • GHSA-3rvc-qcwh-fhqv
Published
2026-06-25T17:41:14.392Z
Modified
2026-07-02T05:46:46.788730289Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds...
Details

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The

malicious

rsync client requires at least read access to the remote rsync module in order to trigger the issue.

Database specific
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "published": "2025-11-18T15:16:25.433Z",
            "database_specific": {
                "status": "Deferred"
            },
            "id": "CVE-2025-10158",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-10158",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10158",
            "imported": "2026-06-25T17:27:26.556Z",
            "modified": "2026-06-17T08:27:47.720Z"
        },
        {
            "published": "2025-11-18T15:30:53Z",
            "url": "https://api.github.com/advisories/GHSA-3rvc-qcwh-fhqv",
            "id": "GHSA-3rvc-qcwh-fhqv",
            "html_url": "https://github.com/advisories/GHSA-3rvc-qcwh-fhqv",
            "imported": "2026-06-25T17:27:26.886Z",
            "modified": "2025-11-18T15:30:54Z"
        },
        {
            "published": "2025-11-18T14:24:19Z",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-198005",
            "id": "EUVD-2025-198005",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-198005",
            "imported": "2026-06-25T17:27:24.697Z",
            "modified": "2025-11-19T16:48:56Z"
        }
    ]
}
References

Affected packages

Julia / rsync_jll

Package

Name
rsync_jll
Purl
pkg:julia/rsync_jll?uuid=191d6b87-264a-55f5-a0e2-c8fbce9a1ce0

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.4+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-625.json"