A heap-based buffer overflow flaw was found in the rsync daemon. The issue is due to improper handling of attacker-controlled checksum lengths (s2length): when MAXDIGESTLEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
{ "availability": "No subscription required", "ubuntu_priority": "high", "priority_reason": "Possible remote code execution or denial of service", "binaries": [ { "binary_name": "rsync", "binary_version": "3.2.7-0ubuntu0.22.04.3" }, { "binary_name": "rsync-dbgsym", "binary_version": "3.2.7-0ubuntu0.22.04.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "high", "priority_reason": "Possible remote code execution or denial of service", "binaries": [ { "binary_name": "rsync", "binary_version": "3.3.0-1ubuntu0.1" }, { "binary_name": "rsync-dbgsym", "binary_version": "3.3.0-1ubuntu0.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "high", "priority_reason": "Possible remote code execution or denial of service", "binaries": [ { "binary_name": "rsync", "binary_version": "3.2.7-1ubuntu1.1" }, { "binary_name": "rsync-dbgsym", "binary_version": "3.2.7-1ubuntu1.1" } ] }