Vulnerability Description
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves between the client and proxy or controlling the proxy server to send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address when the RSYNC_PROXY environment variable is set.
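The bug class described above, as an added illustration that is not rsync's source code: a simplified line reader with the same off-by-one terminator write, beside a bounded version. The 1024-byte buffer size, the function names and the guard-byte harness are assumptions made for the example, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>
#define LINE_CAP 1024   /* assumed buffer size for this model */
#define CANARY   0x5A   /* guard value placed just past the buffer */
struct src { const char *p; size_t left; };   /* stand-in for the proxy socket */

static int next_byte(struct src *s, char *out) {
    if (!s->left) return 0;
    *out = *s->p++; s->left--; return 1;
}

/* Flawed pattern: an unterminated full-length line pushes the index to cap. */
static int read_line_flawed(struct src *s, char *buf, size_t cap) {
    size_t i;
    for (i = 0; i < cap - 1; i++) {
        if (!next_byte(s, &buf[i])) return -1;
        if (buf[i] == '\n') break;
    }
    if (buf[i] != '\n') i++;   /* i == cap when no newline arrived */
    buf[i] = '\0';             /* off-by-one: NUL lands at buf[cap] */
    return 0;
}

/* Bounded pattern: terminate in place, reject overlong lines. */
static int read_line_hardened(struct src *s, char *buf, size_t cap) {
    size_t i;
    for (i = 0; i < cap - 1; i++) {
        if (!next_byte(s, &buf[i])) return -1;
        if (buf[i] == '\n') { buf[i] = '\0'; return 0; }
    }
    buf[cap - 1] = '\0';
    return -2;
}

/* Feeds n constructed bytes with no newline; returns 1 if the guard changed. */
static int guard_clobbered(int (*fn)(struct src *, char *, size_t), size_t n) {
    static char input[2 * LINE_CAP];
    char store[LINE_CAP + 1];          /* extra byte keeps the write defined */
    struct src s = { input, n };
    memset(input, 'A', sizeof input);
    memset(store, 0, sizeof store);
    store[LINE_CAP] = CANARY;
    fn(&s, store, LINE_CAP);
    return store[LINE_CAP] != CANARY;
}

int main(void) {
    printf("guard clobbered: flawed=%d hardened=%d\n", guard_clobbered(read_line_flawed, 1023), guard_clobbered(read_line_hardened, 1023));
    return 0;
}
```

In the model, 1022 bytes without a newline end in a read failure before the terminator write, which is why the threshold sits at 1023.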
CVSS Score
3.1 (LOW)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Rsync | < 3.4.3 |
Related Weaknesses (CWE)
References
- https://github.com/RsyncProject/rsync/releases/tag/v3.4.3 (Release Notes)
- https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8 (Vendor Advisory)
- https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy (Third Party Advisory)
FAQ
What is CVE-2026-45232?
CVE-2026-45232 is a vulnerability with a CVSS score of 3.1 (LOW). Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory...
How severe is CVE-2026-45232?
CVE-2026-45232 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-45232?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Rsync.