CVE Catalog

CVE-2026-43620

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

40th percentile - higher than 40% of all known CVEs

Summary

A vulnerability in rsync 3.4.2 and earlier allows a malicious server to intentionally trigger a SIGSEGV crash in the rsync client. The issue is in recv_files() in receiver.c, where an out-of-bounds array read leads to dereferencing an invalid pointer.

Risk Assessment

An attacker can remotely and deterministically crash the rsync client, disrupting data synchronization and potentially causing data unavailability. This vulnerability can be used for DoS attacks against systems using rsync.

Recommendation

Immediately update rsync to version 3.4.3 or later, which contains the fix. If updating is not possible, restrict trusted connections to verified rsync servers only.

Original NVD description (English source)

Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a specially crafted file list where the first sorted entry is not the leading dot directory, followed by a transfer record with ndx=0 and an iflag word without ITEM_TRANSFER, causing the receiver to read 8 bytes before the allocated pointer array and dereference an invalid pointer at an unmapped address, resulting in a deterministic SIGSEGV crash of the rsync client.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS