UBUNTU-CVE-2026-43618

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-43618

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43618.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-43618

Upstream

CVE-2026-43618

Downstream

USN-8283-1

Related

USN-8283-1

Published

2026-05-20T00:00:00Z

Modified

2026-05-20T22:02:51.390133527Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
6.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Ubuntu - high

Summary

[none]

Details

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.

References

Affected packages

Ubuntu:20.04:LTS

rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.3-6

3.1.3-8

3.1.3-8ubuntu0.1

3.1.3-8ubuntu0.2

3.1.3-8ubuntu0.3

3.1.3-8ubuntu0.4

3.1.3-8ubuntu0.5

3.1.3-8ubuntu0.7

3.1.3-8ubuntu0.8

3.1.3-8ubuntu0.9

Ecosystem specific

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.1.3-8ubuntu0.9"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43618.json"

Ubuntu:22.04:LTS

rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.7-0ubuntu0.22.04.6

Affected versions

3.*

3.2.3-4ubuntu1

3.2.3-4ubuntu2

3.2.3-8ubuntu1

3.2.3-8ubuntu2

3.2.3-8ubuntu3

3.2.3-8ubuntu3.1

3.2.7-0ubuntu0.22.04.2

3.2.7-0ubuntu0.22.04.3

3.2.7-0ubuntu0.22.04.4

Ecosystem specific

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.2.7-0ubuntu0.22.04.6"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43618.json"

Ubuntu:24.04:LTS

rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.7-1ubuntu1.4

Affected versions

3.*

3.2.7-1

3.2.7-1build1

3.2.7-1build2

3.2.7-1ubuntu1

3.2.7-1ubuntu1.1

3.2.7-1ubuntu1.2

Ecosystem specific

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.2.7-1ubuntu1.4"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43618.json"

Ubuntu:25.10

rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.1+ds1-5ubuntu1.2

Affected versions

3.*

3.4.1+ds1-3

3.4.1+ds1-4

3.4.1+ds1-5

3.4.1+ds1-5ubuntu1

Ecosystem specific

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.4.1+ds1-5ubuntu1.2"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43618.json"

Ubuntu:26.04:LTS

rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.1+ds1-7ubuntu0.2

Affected versions

3.*

3.4.1+ds1-5ubuntu1

3.4.1+ds1-6

3.4.1+ds1-7

Ecosystem specific

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.4.1+ds1-7ubuntu0.2"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43618.json"

Ubuntu:Pro:14.04:LTS

rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.9-4ubuntu1

3.1.0-2

3.1.0-2ubuntu0.1

3.1.0-2ubuntu0.2

3.1.0-2ubuntu0.3

3.1.0-2ubuntu0.4

3.1.0-2ubuntu0.4+esm1

3.1.0-2ubuntu0.4+esm2

Ecosystem specific

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.1.0-2ubuntu0.4+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43618.json"

Ubuntu:Pro:16.04:LTS

rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync?arch=source&distro=esm-infra%2Fxenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.1-3

3.1.1-3ubuntu1

3.1.1-3ubuntu1.1

3.1.1-3ubuntu1.2

3.1.1-3ubuntu1.3

3.1.1-3ubuntu1.3+esm1

3.1.1-3ubuntu1.3+esm2

3.1.1-3ubuntu1.3+esm3

3.1.1-3ubuntu1.3+esm4

Ecosystem specific

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.1.1-3ubuntu1.3+esm4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43618.json"

Ubuntu:Pro:18.04:LTS

rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync?arch=source&distro=esm-infra%2Fbionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.2-2

3.1.2-2.1

3.1.2-2.1ubuntu1

3.1.2-2.1ubuntu1.1

3.1.2-2.1ubuntu1.2

3.1.2-2.1ubuntu1.3

3.1.2-2.1ubuntu1.4

3.1.2-2.1ubuntu1.5

3.1.2-2.1ubuntu1.6

3.1.2-2.1ubuntu1.6+esm1

3.1.2-2.1ubuntu1.6+esm2

Ecosystem specific

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.1.2-2.1ubuntu1.6+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43618.json"