Vulnerability Description
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Rsync | <= 3.4.2 |
Related Weaknesses (CWE)
References
- https://github.com/RsyncProject/rsync/releases/tag/v3.4.3Release Notes
- https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwqVendor Advisory
- https://www.vulncheck.com/advisories/rsync-integer-overflow-information-disclosuThird Party Advisory
FAQ
What is CVE-2026-43618?
CVE-2026-43618 is a vulnerability with a CVSS score of 8.1 (HIGH). Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigge...
How severe is CVE-2026-43618?
CVE-2026-43618 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-43618?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Rsync.