CVE-2026-43618

Name
CVE-2026-43618
Description
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.
NVD Severity
unknown

References

Type URI
disclosure@vulncheck.com https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
disclosure@vulncheck.com https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq
disclosure@vulncheck.com https://www.vulncheck.com/advisories/rsync-integer-overflow-information-disclosure

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:* rsync >= None <= 3.4.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
rsync edge-main 3.4.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync edge-main 3.4.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.4.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.4.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.3.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.2.4-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.2.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.2.3-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.2.3-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.2.3-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.1.2-r7 None possibly vulnerable
rsync 3.23-main 3.4.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.23-main 3.4.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.23-main 3.4.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.23-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.22-main 3.4.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.22-main 3.4.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.22-main 3.4.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.22-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.22-main 3.4.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.22-main 3.4.0-r0 None possibly vulnerable
rsync 3.22-main 3.2.4-r2 None possibly vulnerable
rsync 3.22-main 3.1.2-r7 None possibly vulnerable
rsync 3.21-main 3.4.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.21-main 3.4.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.4.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.3.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.3.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.2.4-r2 None possibly vulnerable
rsync 3.21-main 3.1.2-r7 None possibly vulnerable
rsync 3.20-main 3.4.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.20-main 3.4.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.20-main 3.4.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.20-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.20-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.20-main 3.3.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.20-main 3.2.4-r2 None possibly vulnerable
rsync 3.20-main 3.1.2-r7 None possibly vulnerable
rsync 3.19-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.19-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.19-main 3.2.7-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.19-main 3.2.4-r2 None possibly vulnerable
rsync 3.19-main 3.1.2-r7 None possibly vulnerable