Fluid Attacks Database

Description

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	rsync	=3.2.7-1 \|\| =3.2.7-1+deb12u1 \|\| =3.2.7-1+deb12u2 \|\| =3.2.7-1+deb12u3 \|\| =3.2.7-1+deb12u4 \|\| >=0 <3.2.7-1+deb12u5	3.2.7-1+deb12u5
debian 11	rsync	=3.2.3-4 \|\| =3.2.3-4+deb11u1 \|\| =3.2.3-4+deb11u2 \|\| =3.2.3-4+deb11u3 \|\| >=0 <3.2.3-4+deb11u4	3.2.3-4+deb11u4
debian 13	rsync	=3.4.1+ds1-5 \|\| =3.4.1+ds1-5+deb13u1 \|\| =3.4.1+ds1-5+deb13u2 \|\| >=0 <3.4.1+ds1-5+deb13u3	3.4.1+ds1-5+deb13u3
debian 14	rsync	=3.4.1+ds1-5 \|\| =3.4.1+ds1-6 \|\| =3.4.1+ds1-7 \|\| =3.4.1+ds1-8~exp1 \|\| =3.4.2+ds1-1 \|\| =3.4.2+ds1-2 \|\| >=0 <3.4.3+ds1-1	3.4.3+ds1-1
alpine v3.21	rsync	>=0 <3.4.3-r0	3.4.3-r0
alpine v3.20	rsync	>=0 <3.4.3-r0	3.4.3-r0
alpine v3.22	rsync	>=0 <3.4.3-r0	3.4.3-r0
alpine v3.23	rsync	>=0 <3.4.3-r0	3.4.3-r0
rpm rhel6	rsync	-	-
rpm rhel10	rsync	-	-

1-10 of 13

Aliases

1. CVE-2026-436182. NVD-2026-436183. OSV-DEBIAN-2026-436184. OSV-2026-436185. OSV-ALPINE-2026-436186. SECURITY-TRACKER-CVE-2026-436187. SECURITY-CVE-2026-43618

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.