OESA-2026-2549

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2549
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2549.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2549
Upstream
  • CVE-2026-43620
Published
2026-06-05T15:48:22Z
Modified
2026-06-05T16:00:32.510031105Z
Summary
rsync security update
Details

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files are present at one of the ends of the link beforehand.

Security Fix(es):

Rsync versionĀ 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recvfiles() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CFINCRECURSE in compatibility flags and sending a specially crafted file list where the first sorted entry is not the leading dot directory, followed by a transfer record with ndx=0 and an iflag word without ITEMTRANSFER, causing the receiver to read 8 bytes before the allocated pointer array and dereference an invalid pointer at an unmapped address, resulting in a deterministic SIGSEGV crash of the rsync client.(CVE-2026-43620)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS-SP3 / rsync

Package

Name
rsync
Purl
pkg:rpm/openEuler/rsync&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.7-11.oe2403sp3

Ecosystem specific 

{
    "aarch64": [
        "rsync-3.2.7-11.oe2403sp3.aarch64.rpm",
        "rsync-debuginfo-3.2.7-11.oe2403sp3.aarch64.rpm",
        "rsync-debugsource-3.2.7-11.oe2403sp3.aarch64.rpm",
        "rsync-help-3.2.7-11.oe2403sp3.aarch64.rpm"
    ],
    "src": [
        "rsync-3.2.7-11.oe2403sp3.src.rpm"
    ],
    "x86_64": [
        "rsync-3.2.7-11.oe2403sp3.x86_64.rpm",
        "rsync-debuginfo-3.2.7-11.oe2403sp3.x86_64.rpm",
        "rsync-debugsource-3.2.7-11.oe2403sp3.x86_64.rpm",
        "rsync-help-3.2.7-11.oe2403sp3.x86_64.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-2549.json"