Nixpkgs security tracker
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Rsync: info leak via uninitialized stack contents
A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
References
Affected products
- *
- *
- =<3.3.0
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
Matching in nixpkgs
pkgs.rsync
Fast incremental file transfer utility
pkgs.grsync
Synchronize folders, files and make backups
pkgs.rrsync
Helper to run rsync-only environments from ssh-logins
pkgs.librsync
Implementation of the rsync remote-delta algorithm
pkgs.diskrsync
Rsync for block devices and disk images
pkgs.openrsync
BSD-licensed implementation of rsync
-
nixos-unstable 2022-05-08
- nixpkgs-unstable 2022-05-08
- nixos-unstable-small 2022-05-08
pkgs.vdirsyncer
Synchronize calendars and contacts
pkgs.emacsPackages.rsync-mode
None
-
nixos-unstable 20210911.0
- nixpkgs-unstable 20210911.0
- nixos-unstable-small 20210911.0
pkgs.emacsPackages.dired-rsync
None
-
nixos-unstable 20230822.1350
- nixpkgs-unstable 20230822.1350
- nixos-unstable-small 20230822.1350
pkgs.python311Packages.sysrsync
Simple and safe system's rsync wrapper for Python
pkgs.python312Packages.sysrsync
Simple and safe system's rsync wrapper for Python
pkgs.python311Packages.vdirsyncer
Synchronize calendars and contacts
pkgs.python312Packages.vdirsyncer
Synchronize calendars and contacts
pkgs.emacsPackages.dired-rsync-transient
None
-
nixos-unstable 20230714.1459
- nixpkgs-unstable 20230714.1459
- nixos-unstable-small 20230714.1459
Package maintainers
-
@jluttine Jaakko Luttinen <jaakko.luttinen@iki.fi>
-
@kuznero Roman Kuznetsov <roman@kuznero.com>
-
@fgaz Francesco Gazzetta <fgaz@fgaz.me>
-
@veprbl Dmitry Kalinkin <veprbl@gmail.com>
-
@kampfschlaefer Arnold Krille <arnold@arnoldarts.de>
-
@ivan Ivan Kozik <ivan@ludios.org>
-
@ehmry Emery Hemingway <ehmry@posteo.net>