Your submission was sent successfully! Close

CVE-2017-15994

Published: 29 October 2017

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
rsync
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(code not present)
cosmic Ignored
(reached end-of-life)
disco Not vulnerable
(3.1.3-6)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
zesty Ignored
(reached end-of-life)

Notes

AuthorNote
mdeslaur
introduced and fixed during 3.1.3 development period

References

Bugs