CVE-2026-45232

Published 20/05/2026 02:16 · Modified 21/05/2026 20:52

Labels: CVE-2026-45232, 2026-05-20, CWE-193, [email protected]

Essential information

Published: 20/05/2026 02:16
Modified: 21/05/2026 20:52
Author:
Creator:
CVSS: 2.1 LOW (v3) 2.1 LOW (v4.0)
CISA KEV: No
CWE:
CVSS vector:

CVSS metrics

Description

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves between the client and proxy or controlling the proxy server to send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address when the RSYNC_PROXY environment variable is set.
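The off-by-one described above can be modelled without touching rsync itself. The following is an added example, not rsync's source: the function names, the 1024-byte buffer size (assumed from the 1023-byte threshold) and the error codes are hypothetical, and the checked variant is one possible hardening, not necessarily the change made in 3.4.3. Both functions return the index where the terminating null byte would be stored instead of performing the store.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024   /* assumed: consistent with the 1023-byte threshold */
#define ERR_SHORT (-1)  /* peer closed before a full line arrived */
#define ERR_LONG  (-2)  /* no newline within BUF_SIZE-1 bytes */

/* Flawed pattern: the read loop stops at BUF_SIZE-1, then the index is
 * advanced once more when no newline was seen. Returns the index at which
 * the terminating '\0' would be stored; the store is deliberately omitted. */
long nul_index_flawed(const char *resp, size_t len)
{
    char buf[BUF_SIZE];
    size_t i; int got_nl = 0;

    for (i = 0; i < BUF_SIZE - 1; i++) {
        if (i >= len) return ERR_SHORT;   /* models a failed read() */
        buf[i] = resp[i];
        if (buf[i] == '\n') { got_nl = 1; break; }
    }
    if (!got_nl) i++;                     /* i becomes BUF_SIZE: off by one */
    return (long)i;
}

/* Hardened pattern: an unterminated line is treated as a protocol error. */
long nul_index_checked(const char *resp, size_t len)
{
    char buf[BUF_SIZE];
    size_t i;

    for (i = 0; i < BUF_SIZE - 1; i++) {
        if (i >= len) return ERR_SHORT;
        buf[i] = resp[i];
        if (buf[i] == '\n') return (long)i;   /* always < BUF_SIZE - 1 */
    }
    return ERR_LONG;
}

int main(void)
{
    char resp[BUF_SIZE - 1];              /* constructed: 1023 bytes, no newline */
    memset(resp, 'A', sizeof resp);
    printf("flawed:  NUL at %ld (valid 0..%d)\n", nul_index_flawed(resp, sizeof resp), BUF_SIZE - 1);
    printf("checked: %ld\n", nul_index_checked(resp, sizeof resp));
    return 0;
}
```

For a well-formed status line both functions agree; they diverge only when the line reaches 1023 bytes without a newline.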

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: samba / rsync
CPE: cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*