CVE-2017-16548 log
Source |
|
Severity | High |
Remote | Yes |
Type | Denial of service |
Description | The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-542 | rsync | 3.1.2-8 | 3.1.3pre1-1 | Critical | Fixed | FS#57111 |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
29 Jan 2018 | ASA-201801-21 | AVG-542 | rsync | Critical | multiple issues |
References |
---|
https://git.samba.org/?p=rsync.git;a=commitdiff;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 |