VDB

GCVE-110-MAGEIA-2017-459

GCVE-110-MAGEIA-2017-459
Advisory Published
Vulnetix · Advisory published December 21, 2017
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. (CVE-2017-16548)

Affected Products

VendorProductVersionsPlatforms
Mageiarsync0 (affected), 3.1.1-5.3.mga5 (unaffected)
Mageiarsync0 (affected), 3.1.2-1.2.mga6 (unaffected)

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›