Home

Description

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-20 | Updated 2026-05-20 | Assigner VulnCheck




MEDIUM: 6.1CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Problem types

Integer Overflow or Wraparound

Out-of-bounds Read

Product status

Default status
unaffected

Any version before 3.4.3
affected

Credits

Omar Elsayed (@seks99x) finder

References

github.com/.../rsync/security/advisories/GHSA-g37v-g3gj-pmwq vendor-advisory

github.com/RsyncProject/rsync/releases/tag/v3.4.3 release-notes

www.vulncheck.com/...integer-overflow-information-disclosure third-party-advisory

cve.org (CVE-2026-43618)

nvd.nist.gov (CVE-2026-43618)

Download JSON