CVE-2026-45232

Name
CVE-2026-45232
Description
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. The issue is triggered when the RSYNC_PROXY environment variable is set: an attacker who is positioned between the client and the proxy, or who controls the proxy server, can send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| disclosure@vulncheck.com | https://github.com/RsyncProject/rsync/releases/tag/v3.4.3 |
| disclosure@vulncheck.com | https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8 |
| disclosure@vulncheck.com | https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:* | rsync | >= None | < 3.4.3 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| rsync | edge-main | 3.4.3-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| rsync | edge-main | 3.4.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | edge-main | 3.4.1-r2 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | edge-main | 3.4.1-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | edge-main | 3.4.1-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | edge-main | 3.4.0-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | edge-main | 3.3.0-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | edge-main | 3.2.4-r2 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | edge-main | 3.2.4-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | edge-main | 3.2.3-r5 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | edge-main | 3.2.3-r4 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | edge-main | 3.2.3-r3 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | edge-main | 3.1.2-r7 | None | possibly vulnerable |
| rsync | 3.23-main | 3.4.3-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| rsync | 3.23-main | 3.4.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.23-main | 3.4.1-r2 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.23-main | 3.4.1-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.22-main | 3.4.3-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| rsync | 3.22-main | 3.4.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.22-main | 3.4.1-r2 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.22-main | 3.4.1-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.22-main | 3.4.1-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.22-main | 3.4.0-r0 | None | possibly vulnerable |
| rsync | 3.22-main | 3.2.4-r2 | None | possibly vulnerable |
| rsync | 3.22-main | 3.1.2-r7 | None | possibly vulnerable |
| rsync | 3.21-main | 3.4.3-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| rsync | 3.21-main | 3.4.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.21-main | 3.4.1-r2 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.21-main | 3.4.1-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.21-main | 3.4.0-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.21-main | 3.3.0-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.21-main | 3.3.0-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.21-main | 3.2.4-r2 | None | possibly vulnerable |
| rsync | 3.21-main | 3.1.2-r7 | None | possibly vulnerable |
| rsync | 3.20-main | 3.4.3-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| rsync | 3.20-main | 3.4.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.20-main | 3.4.1-r2 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.20-main | 3.4.1-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.20-main | 3.4.0-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.20-main | 3.3.0-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.20-main | 3.2.4-r2 | None | possibly vulnerable |
| rsync | 3.20-main | 3.1.2-r7 | None | possibly vulnerable |
| rsync | 3.19-main | 3.4.1-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.19-main | 3.4.0-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.19-main | 3.2.7-r4 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| rsync | 3.19-main | 3.2.4-r2 | None | possibly vulnerable |
| rsync | 3.19-main | 3.1.2-r7 | None | possibly vulnerable |