CVE-2011-1097

2011-03-3022:55:01

CWE-119

redhat

web.nvd.nist.gov

rsync

denial of service

code execution

cve-2011-1097

nvd

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

9.8

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

Affected configurations

Nvd

Node

sambarsyncMatch3.0.0

sambarsyncMatch3.0.1

sambarsyncMatch3.0.2

sambarsyncMatch3.0.3

sambarsyncMatch3.0.4

sambarsyncMatch3.0.5

sambarsyncMatch3.0.6

sambarsyncMatch3.0.7

VendorProductVersionCPE
sambarsync3.0.0cpe:2.3:a:samba:rsync:3.0.0:*:*:*:*:*:*:*
sambarsync3.0.1cpe:2.3:a:samba:rsync:3.0.1:*:*:*:*:*:*:*
sambarsync3.0.2cpe:2.3:a:samba:rsync:3.0.2:*:*:*:*:*:*:*
sambarsync3.0.3cpe:2.3:a:samba:rsync:3.0.3:*:*:*:*:*:*:*
sambarsync3.0.4cpe:2.3:a:samba:rsync:3.0.4:*:*:*:*:*:*:*
sambarsync3.0.5cpe:2.3:a:samba:rsync:3.0.5:*:*:*:*:*:*:*
sambarsync3.0.6cpe:2.3:a:samba:rsync:3.0.6:*:*:*:*:*:*:*
sambarsync3.0.7cpe:2.3:a:samba:rsync:3.0.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samba	rsync	3.0.0	cpe:2.3:a:samba:rsync:3.0.0:::::::*
samba	rsync	3.0.1	cpe:2.3:a:samba:rsync:3.0.1:::::::*
samba	rsync	3.0.2	cpe:2.3:a:samba:rsync:3.0.2:::::::*
samba	rsync	3.0.3	cpe:2.3:a:samba:rsync:3.0.3:::::::*
samba	rsync	3.0.4	cpe:2.3:a:samba:rsync:3.0.4:::::::*
samba	rsync	3.0.5	cpe:2.3:a:samba:rsync:3.0.5:::::::*
samba	rsync	3.0.6	cpe:2.3:a:samba:rsync:3.0.6:::::::*
samba	rsync	3.0.7	cpe:2.3:a:samba:rsync:3.0.7:::::::*