{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"rsync security update", "category":"general", "title":"Synopsis" }, { "text":"An update for rsync is now available for openEuler-24.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files are present at one of the ends of the link beforehand.\n\nSecurity Fix(es):\n\nRsync versionĀ 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a specially crafted file list where the first sorted entry is not the leading dot directory, followed by a transfer record with ndx=0 and an iflag word without ITEM_TRANSFER, causing the receiver to read 8 bytes before the allocated pointer array and dereference an invalid pointer at an unmapped address, resulting in a deterministic SIGSEGV crash of the rsync client.(CVE-2026-43620)", "category":"general", "title":"Description" }, { "text":"An update for rsync is now available for openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"rsync", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-2549", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2549" }, { "summary":"CVE-2026-43620", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43620&packageName=rsync" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43620" }, { "summary":"openEuler-SA-2026-2549 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2549.json" } ], "title":"An update for rsync is now available for openEuler-24.03-LTS-SP3", "tracking":{ "initial_release_date":"2026-06-08T15:01:24+08:00", "revision_history":[ { "date":"2026-06-08T15:01:24+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-06-08T15:01:24+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-06-08T15:01:24+08:00", "id":"openEuler-SA-2026-2549", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rsync-3.2.7-11.oe2403sp3.aarch64.rpm", "name":"rsync-3.2.7-11.oe2403sp3.aarch64.rpm" }, "name":"rsync-3.2.7-11.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rsync-debuginfo-3.2.7-11.oe2403sp3.aarch64.rpm", "name":"rsync-debuginfo-3.2.7-11.oe2403sp3.aarch64.rpm" }, "name":"rsync-debuginfo-3.2.7-11.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rsync-debugsource-3.2.7-11.oe2403sp3.aarch64.rpm", "name":"rsync-debugsource-3.2.7-11.oe2403sp3.aarch64.rpm" }, "name":"rsync-debugsource-3.2.7-11.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rsync-help-3.2.7-11.oe2403sp3.aarch64.rpm", "name":"rsync-help-3.2.7-11.oe2403sp3.aarch64.rpm" }, "name":"rsync-help-3.2.7-11.oe2403sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rsync-3.2.7-11.oe2403sp3.src.rpm", "name":"rsync-3.2.7-11.oe2403sp3.src.rpm" }, "name":"rsync-3.2.7-11.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rsync-3.2.7-11.oe2403sp3.x86_64.rpm", "name":"rsync-3.2.7-11.oe2403sp3.x86_64.rpm" }, "name":"rsync-3.2.7-11.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rsync-debuginfo-3.2.7-11.oe2403sp3.x86_64.rpm", "name":"rsync-debuginfo-3.2.7-11.oe2403sp3.x86_64.rpm" }, "name":"rsync-debuginfo-3.2.7-11.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rsync-debugsource-3.2.7-11.oe2403sp3.x86_64.rpm", "name":"rsync-debugsource-3.2.7-11.oe2403sp3.x86_64.rpm" }, "name":"rsync-debugsource-3.2.7-11.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rsync-help-3.2.7-11.oe2403sp3.x86_64.rpm", "name":"rsync-help-3.2.7-11.oe2403sp3.x86_64.rpm" }, "name":"rsync-help-3.2.7-11.oe2403sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rsync-3.2.7-11.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.aarch64", "name":"rsync-3.2.7-11.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rsync-debuginfo-3.2.7-11.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rsync-debuginfo-3.2.7-11.oe2403sp3.aarch64", "name":"rsync-debuginfo-3.2.7-11.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rsync-debugsource-3.2.7-11.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rsync-debugsource-3.2.7-11.oe2403sp3.aarch64", "name":"rsync-debugsource-3.2.7-11.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rsync-help-3.2.7-11.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rsync-help-3.2.7-11.oe2403sp3.aarch64", "name":"rsync-help-3.2.7-11.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rsync-3.2.7-11.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.src", "name":"rsync-3.2.7-11.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rsync-3.2.7-11.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.x86_64", "name":"rsync-3.2.7-11.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rsync-debuginfo-3.2.7-11.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rsync-debuginfo-3.2.7-11.oe2403sp3.x86_64", "name":"rsync-debuginfo-3.2.7-11.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rsync-debugsource-3.2.7-11.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rsync-debugsource-3.2.7-11.oe2403sp3.x86_64", "name":"rsync-debugsource-3.2.7-11.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rsync-help-3.2.7-11.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rsync-help-3.2.7-11.oe2403sp3.x86_64", "name":"rsync-help-3.2.7-11.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-43620", "notes":[ { "text":"Rsync versionĀ 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a specially crafted file list where the first sorted entry is not the leading dot directory, followed by a transfer record with ndx=0 and an iflag word without ITEM_TRANSFER, causing the receiver to read 8 bytes before the allocated pointer array and dereference an invalid pointer at an unmapped address, resulting in a deterministic SIGSEGV crash of the rsync client.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-debuginfo-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-debugsource-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-help-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.src", "openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:rsync-debuginfo-3.2.7-11.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:rsync-debugsource-3.2.7-11.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:rsync-help-3.2.7-11.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-debuginfo-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-debugsource-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-help-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.src", "openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:rsync-debuginfo-3.2.7-11.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:rsync-debugsource-3.2.7-11.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:rsync-help-3.2.7-11.oe2403sp3.x86_64" ], "details":"rsync security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2549" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-debuginfo-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-debugsource-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-help-3.2.7-11.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.src", "openEuler-24.03-LTS-SP3:rsync-3.2.7-11.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:rsync-debuginfo-3.2.7-11.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:rsync-debugsource-3.2.7-11.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:rsync-help-3.2.7-11.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43620" } ] }