CNNVD-202511-1966 Information
CNNVD ID
CNNVD-202511-1966
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
Rsync是RsyncProject开源的一款快速且用途广泛的文件复制工具。用于远程文件和本地文件。 Rsync存在安全漏洞,该漏洞源于负数组索引导致的堆缓冲区越界读取,可能导致信息泄露。
Description (English)
Rsync is a fast and widely used document reproduction tool for RsyncProject open source. For remote and local files. There is a security loophole in Rsync, which stems from the cross-border reading of the buffer zone caused by the negative array index, which could lead to the disclosure of information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
RsyncProject
Published
2025-11-18
Last Modified
2026-02-24
References
https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10158 https://access.redhat.com/security/cve/cve-2025-10158 https://vigilance.fr/vulnerability/rsync-memory-corruption-via-Negative-Array-Index-48802
Patch
https://github.com/RsyncProject/rsync/releases
Share on: