Fluid Attacks Database

Description

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	rsync	>=0 <3.1.0-3	3.1.0-3
debian 13	rsync	>=0 <3.1.0-3	3.1.0-3
debian 12	rsync	>=0 <3.1.0-3	3.1.0-3
debian 14	rsync	>=0 <3.1.0-3	3.1.0-3

Aliases

1. CVE-2014-28552. NVD-2014-28553. OSV-DEBIAN-2014-28554. OSV-2014-28555. SECURITY-TRACKER-CVE-2014-2855

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.