Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.8%top 49%

CVE-2026-43618: Integer Overflow or Wraparound in RsyncProject rsync

0
Medium
VulnerabilityCVE-2026-43618cvecve-2026-43618
Published: 05/20/2026 (05/20/2026, 00:50:21 UTC)
Source: CVE Database V5
Vendor/Project: RsyncProject
Product: rsync

Description

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.

CVSS v4.0

Score 6.1medium

Attack Vector
Network
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
Low
User Interaction
None
Vuln. Confidentiality
High
Vuln. Integrity
None
Vuln. Availability
High
Subsq. Confidentiality
None
Subsq. Integrity
None
Subsq. Availability
None
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Affected software

GitHub Actionsmore threats →ai
rsyncproject/rsync
pkg:github/rsyncproject/rsync
Affected versions
<3.4.3

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/30/2026, 21:59:47 UTC

Technical Analysis

CVE-2026-43618 is an integer overflow vulnerability in RsyncProject's rsync utility (versions up to 3.4.2) within the compressed-token decoder component. The vulnerability arises because a 32-bit signed counter is not properly checked for overflow, enabling a malicious sender to trigger an overflow condition. This overflow causes the receiver to read and return data from outside the intended buffer boundaries, potentially leaking sensitive process memory including environment variables, passwords, heap and stack data, and library memory pointers. This memory disclosure significantly reduces the effectiveness of Address Space Layout Randomization (ASLR), facilitating further exploitation. Red Hat advisories confirm the issue and provide security updates rebasing rsync to version 3.4.4 to fix the vulnerability.

Potential Impact

Successful exploitation can lead to remote disclosure of process memory on the rsync receiver side, exposing sensitive information such as environment variables, passwords, and memory pointers. This undermines ASLR protections and may aid attackers in conducting further attacks. The CVSS 4.0 base score is 6.1 (medium severity), reflecting the network attack vector, low attack complexity, partial privileges required, and high impact on confidentiality and availability.

Mitigation Recommendations

Red Hat has issued security updates rebasing rsync to version 3.4.4 that fix this integer overflow vulnerability. Users of affected Red Hat Enterprise Linux versions should apply these official patches promptly. Since this is not a cloud service, remediation depends on applying vendor-provided updates. Patch status is confirmed by Red Hat advisories. No vendor advisory states that no action is required or that the issue is already mitigated without patching.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
VulnCheck
Date Reserved
2026-05-01T18:22:45.639Z
Cvss Version
4.0
State
PUBLISHED
Remediation Level
null
Vendor Advisory Urls
[{"url":"https://access.redhat.com/security/cve/CVE-2026-43618","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:26332","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:26410","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:26408","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","vendor":"Red Hat"}]

Threat ID: 6a0d0f6cba1db473621796da

Added to database: 05/20/2026, 01:33:32 UTC

Last enriched: 06/30/2026, 21:59:47 UTC

Last updated: 07/06/2026, 08:51:19 UTC

Views: 303

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses