Description
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development
does not check for a trailing '\0' character in an xattr name, which allows
remote attackers to cause a denial of service (heap-based buffer over-read
and application crash) or possibly have unspecified other impact by sending
crafted data to the daemon.
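The missing check described above, as an added C example (not rsync's code and not the upstream patch): a name received with an explicit length is accepted only if its last byte is '\0'. The helper names and sample byte arrays are hypothetical, and the embedded-NUL rejection is extra strictness beyond what the description names.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not rsync's code: copies a length-prefixed name out of
 * a received buffer. Returns a heap copy the caller frees, or NULL if the
 * name is not a well-formed C string of exactly name_len bytes. */
char *copy_wire_name(const unsigned char *buf, size_t buf_len, size_t name_len)
{
    char *name;

    /* The declared length must be non-zero and fit in the received data. */
    if (name_len == 0 || name_len > buf_len)
        return NULL;
    /* The last byte must be the terminator; without this check, later
     * strlen()/strcmp() calls on the copy read past the end of the heap block. */
    if (buf[name_len - 1] != '\0')
        return NULL;
    /* Extra strictness (assumption): an embedded NUL would make the C-string
     * length disagree with the declared length. */
    if (memchr(buf, '\0', name_len - 1) != NULL)
        return NULL;

    name = malloc(name_len);
    if (name == NULL)
        return NULL;
    memcpy(name, buf, name_len);
    return name;
}

/* Constructed sample inputs. */
const unsigned char GOOD_NAME[] = { 'u', 's', 'e', 'r', '.', 'a', '\0' };
const unsigned char NO_NUL[]    = { 'u', 's', 'e', 'r', '.', 'a', 'b' };
const unsigned char EMBEDDED[]  = { 'u', 's', '\0', 'r', '.', 'a', '\0' };

/* Returns 1 if the name is accepted, 0 if it is rejected. */
int name_is_accepted(const unsigned char *buf, size_t buf_len, size_t name_len)
{
    char *n = copy_wire_name(buf, buf_len, name_len);
    int ok = (n != NULL);
    free(n);
    return ok;
}

int main(void)
{
    return name_is_accepted(GOOD_NAME, sizeof GOOD_NAME, sizeof GOOD_NAME)
        && !name_is_accepted(NO_NUL, sizeof NO_NUL, sizeof NO_NUL) ? 0 : 1;
}
```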
Package
Upstream: needs-triage
Ubuntu 16.04 ESM: released (3.1.1-3ubuntu1.2)
Ubuntu 14.04 ESM: released (3.1.0-2ubuntu0.4)
Patches:
Updated: 2022-04-13 12:57:03 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)