cvedb.io
CVE-2017-16548
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-11-06T05:29:00.253 · Last modified 2026-06-17T01:09:27.160

Summary

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

Affected products

samba — rsync

Does this affect you?

Add your gear to cvedb and we'll alert you only when samba ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.