github - ghsa-3rvc-qcwh-fhqv

ghsa-3rvc-qcwh-fhqv

Vulnerability from github

Published

2025-11-18 15:30

Modified

2025-11-18 15:30

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The

malicious

rsync client requires at least read access to the remote rsync module in order to trigger the issue.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-10158"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-129"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-18T15:16:25Z",
    "severity": "MODERATE"
  },
  "details": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue.",
  "id": "GHSA-3rvc-qcwh-fhqv",
  "modified": "2025-11-18T15:30:53Z",
  "published": "2025-11-18T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10158"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"
    },
    {
      "type": "WEB",
      "url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-10158 (GCVE-0-2025-10158)

Vulnerability from cvelistv5

Published

2025-11-18 14:24

Modified

2025-11-19 16:48

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-129 - Improper Validation of Array Index

Summary

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.

References

URL

Tags

	https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f	patch
	https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1	technical-description

Impacted products

	Vendor	Product	Version
	rsync	rsync	Version: 0 ≤ 3.4.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T16:15:02.998218Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T16:48:56.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "rsync",
          "vendor": "rsync",
          "versions": [
            {
              "lessThanOrEqual": "3.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Calum Hutton"
        }
      ],
      "datePublic": "2025-11-18T14:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
            }
          ],
          "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-129",
              "description": "CWE-129 Improper Validation of Array Index",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T14:45:58.065Z",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-19T06:11:00.000Z",
          "value": "Rapid7 makes initial outreach to rsync maintainers"
        },
        {
          "lang": "en",
          "time": "2025-03-19T10:04:00.000Z",
          "value": "Rsync maintainers confirm outreach"
        },
        {
          "lang": "en",
          "time": "2025-03-20T10:34:00.000Z",
          "value": "Rapid7 provides rsync maintainers a technical writeup and PoC to reproduce the issue"
        },
        {
          "lang": "en",
          "time": "2025-04-02T03:05:00.000Z",
          "value": "Rapid7 requests confirmation of findings"
        },
        {
          "lang": "en",
          "time": "2025-04-06T09:30:00.000Z",
          "value": "Rsync maintainers indicate more time is needed"
        },
        {
          "lang": "en",
          "time": "2025-04-16T05:31:00.000Z",
          "value": "Rsync maintainers reproduce the issue and dispute its security impact due to uncertainty around viability of heap manipulation during exploitation"
        },
        {
          "lang": "en",
          "time": "2025-04-17T01:56:00.000Z",
          "value": "Rapid7 indicates manipulating the heap is nuanced and CVE assignment is both prudent and best practice in this instance"
        },
        {
          "lang": "en",
          "time": "2025-05-07T09:08:00.000Z",
          "value": "Rapid7 requests an update"
        },
        {
          "lang": "en",
          "time": "2025-05-12T06:08:00.000Z",
          "value": "Rsync maintainers indicate a pull request to fix the issue is forthcoming"
        },
        {
          "lang": "en",
          "time": "2025-05-28T09:40:00.000Z",
          "value": "Rapid7 requests an update"
        },
        {
          "lang": "en",
          "time": "2025-06-17T04:19:00.000Z",
          "value": "Rapid7 requests an update"
        },
        {
          "lang": "en",
          "time": "2025-08-18T11:59:00.000Z",
          "value": "Rapid7 requests an update"
        },
        {
          "lang": "en",
          "time": "2025-08-23T09:17:00.000Z",
          "value": "Rsync maintainers indicate a pull request to remediate the issue has been made and a feature release is forthcoming"
        },
        {
          "lang": "en",
          "time": "2025-09-02T04:23:00.000Z",
          "value": "Rapid7 indicates intention to assign a CVE and perform a coordinated disclosure with the rsync maintainers upon the upcoming feature release"
        },
        {
          "lang": "en",
          "time": "2025-09-09T11:18:00.000Z",
          "value": "Rapid7 provides rsync maintainers a reserved CVE identifier and requests the date for the expected feature release"
        },
        {
          "lang": "en",
          "time": "2025-11-11T04:42:00.000Z",
          "value": "Rapid7 indicates intention to publish the CVE record on November 18, 2025."
        },
        {
          "lang": "en",
          "time": "2025-11-18T14:00:00.000Z",
          "value": "This disclosure"
        }
      ],
      "title": "Rsync: Out of bounds array access via negative index",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2025-10158",
    "datePublished": "2025-11-18T14:24:19.210Z",
    "dateReserved": "2025-09-09T11:15:17.585Z",
    "dateUpdated": "2025-11-19T16:48:56.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.