Rsync CVE-2026-43618

EUVD-2026-31011 | MEDIUM | CVSS 4.0: 6.1
Integer Overflow or Wraparound (CWE-190)
2026-05-20 | VulnCheck | GHSA-88m5-cm5m-2596

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Severity Changed (May 20, 2026 - 02:22, NVD): HIGH → MEDIUM
CVSS changed (May 20, 2026 - 02:22, NVD): 8.1 (HIGH) → 6.1 (MEDIUM)
Patch available (May 20, 2026 - 02:01, EUVD)
Source Code Evidence Fetched (May 20, 2026 - 01:45, vuln.today)
Analysis Generated (May 20, 2026 - 01:45, vuln.today)

Description (NVD)

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.

Analysis (AI)

Information disclosure in Rsync 3.4.2 and prior allows an authenticated remote sender to leak receiver process memory through an integer overflow in the compressed-token decoder. The flaw exposes environment variables, credentials, heap and stack contents, and library pointers, weakening ASLR and enabling follow-on exploitation. No public exploit was identified at time of analysis, and Rsync 3.4.3 bundles the security fix.

Remediation (AI)

Within 24 hours: Audit systems running Rsync to identify versions 3.4.2 or earlier. Within 7 days: Upgrade all affected systems to Rsync 3.4.3 or later; test in staging first. …
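
One way to carry out the version audit described above, as an added example that is not part of the original advisory or the rsync project: it parses the first line of `rsync --version` and compares the result with 3.4.3. The function names and the sample banner lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag rsync builds older than the fixed release named above.
FIXED="3.4.3"

# Pull "X.Y.Z" out of the first line of `rsync --version` output.
# A leading "v" and suffixes such as "pre1" are dropped.
rsync_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n '1s/^rsync  *version  *v\{0,1\}\([0-9][0-9.]*\).*/\1/p'
}

# Succeeds (exit 0) when dotted version $1 is strictly lower than $2.
version_lt() {
    a=$1 b=$2
    for i in 1 2 3; do
        an=${a%%.*} bn=${b%%.*}
        [ "${an:-0}" -lt "${bn:-0}" ] && return 0
        [ "${an:-0}" -gt "${bn:-0}" ] && return 1
        # Drop the component just compared; pad short versions with 0.
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 1
}

# Print "affected X.Y.Z", "fixed X.Y.Z", or "unknown" for a banner string.
classify_rsync() {
    ver=$(rsync_version_from_banner "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED"; then
        echo "affected $ver"
    else
        echo "fixed $ver"
    fi
}

# Constructed sample banners (not captured from real hosts).
for banner in \
    "rsync  version 3.4.2  protocol version 32" \
    "rsync  version v3.2.3  protocol version 31" \
    "rsync  version 3.4.3  protocol version 32"
do
    echo "sample: $(classify_rsync "$banner")"
done

# Classify the local binary when one is installed.
if command -v rsync >/dev/null 2>&1; then
    echo "local: $(classify_rsync "$(rsync --version 2>/dev/null)")"
fi
```

A distribution package can carry a backported fix under an older version string, so treat an "affected" result as a prompt to check the vendor's advisory for that package.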
