ALPINE-CVE-2018-5764

ALPINE-CVE-2018-5764 PUBLISHED CVSS 7.5 HIGH

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.4	rsync	3.1.1-r1, 3.0.8-r0, 0
Alpine:v3.5	rsync	3.1.2-r3, 3.1.2-r3, 3.1.2-r2
Alpine:v3.6	rsync	0, 3.0.5-r0, 3.0.6-r0
Alpine:v3.7	rsync	3.1.2-r3, 3.1.2-r2, 0

Timeline

Jan 17, 2018 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2018-5764 advisory

Open in Interactive Console →