We have discovered a critical arbitrary file write vulnerability
in the rsync utility that allows malicious remote servers to write
arbitrary files inside the directories of connecting peers.
The server chooses which files/directories are sent to the client.
Due to the insufficient controls inside the do_server_recv function
a malicious rysnc server (or Man-in-The-Middle attacker) can
overwrite arbitrary files in the rsync client target directory and
subdirectories.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchrsync< 3.2.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	rsync	< 3.2.5	UNKNOWN

References

www.openwall.com/lists/oss-security/2022/08/02/1

nessus 53

cbl_mariner 2

nvd 1

redhatcve 1

redhat 36

openvas 27

broadcom 1

amazon 1

prion 1

veracode 1

suse 3

photon 5

rocky 2

oraclelinux 3

debiancve 1

cloudfoundry 1

githubexploit 1

osv 5

ibm 10

ubuntu 1

alpinelinux 1

cloudlinux 2

redos 1

ubuntucve 1

almalinux 1

cvelist 1

slackware 1

cve 1

mageia 1

centos 1

fedora 2

rosalinux 1

attackerkb 1

gentoo 1

ics 1

nessus

FreeBSD : rsync -- client-side arbitrary file write vulnerability (21f43976-1887-11ed-9911-40b034429ecf)

2022-08-11 00:00:00

SUSE SLED15 / SLES15 Security Update : rsync (SUSE-SU-2022:2825-1)

2022-08-17 00:00:00

Oracle Linux 8 : rsync (ELSA-2022-6180)

2022-08-25 00:00:00

cbl_mariner

CVE-2022-29154 affecting package rsync 3.1.3-5

2022-12-27 17:55:43

CVE-2022-29154 affecting package rsync for versions less than 3.2.5-1

2022-08-31 06:17:56

nvd

CVE-2022-29154

2022-08-02 15:15:08

redhatcve

CVE-2022-29154

2022-08-02 13:40:01

redhat

(RHSA-2022:6180) Important: rsync security update

2022-08-24 17:04:49

(RHSA-2022:6170) Important: rsync security update

2022-08-24 16:38:50

(RHSA-2022:6173) Important: rsync security update

2022-08-24 16:43:45

openvas

Slackware: Security Advisory (SSA:2022-227-01)

2022-08-16 00:00:00

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2023-2204)

2023-06-12 00:00:00

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2022-2448)

2022-10-10 00:00:00

broadcom

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers.

2023-08-01 00:00:00

amazon

Important: rsync

2022-10-31 19:40:00

prion

Input validation

2022-08-02 15:15:00

veracode

Directory Traversal

2022-08-09 00:45:20

suse

Security update for rsync (important)

2022-09-01 00:00:00

Security update for rsync (important)

2022-08-16 00:00:00

Security update for rsync (important)

2022-08-31 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0430

2022-08-05 00:00:00

Important Photon OS Security Update - PHSA-2022-0223

2022-08-04 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0223

2022-08-04 00:00:00

rocky

rsync security update

2022-08-24 17:04:49

rsync security update

2022-08-24 17:06:01

oraclelinux

rsync security update

2022-08-25 00:00:00

rsync security update

2022-08-25 00:00:00

rsync security update

2022-08-25 00:00:00

debiancve

CVE-2022-29154

2022-08-02 15:15:08

cloudfoundry

USN-5921-1: rsync vulnerabilities | Cloud Foundry

2023-03-23 00:00:00

githubexploit

Exploit for Improper Input Validation in Samba Rsync

2022-09-14 13:59:21

osv

rsync vulnerabilities

2023-03-06 12:11:44

Important: rsync security update

2022-08-24 17:06:01

Important: rsync security update

2022-08-24 00:00:00

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Rsync [CVE-2022-29154]

2024-02-29 20:30:34

Security Bulletin: IBM Security Verify Access Appliance includes components with known vulnerabilities (CVE-2022-29154, CVE-2022-0391)

2023-04-03 21:42:39

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities.

2022-11-09 18:42:35

ubuntu

rsync vulnerabilities

2023-03-06 00:00:00

alpinelinux

CVE-2022-29154

2022-08-02 15:15:08

cloudlinux

Fixed CVE-2022-29154 in rsync

2022-08-17 18:45:47

Fixed CVE-2022-29154 in rsync

2022-09-08 17:32:28

redos

ROS-20221216-02

2022-12-16 00:00:00

ubuntucve

CVE-2022-29154

2022-08-02 00:00:00

almalinux

Important: rsync security update

2022-08-24 00:00:00

cvelist

CVE-2022-29154

2022-08-02 14:22:52

slackware

[slackware-security] rsync

2022-08-15 20:27:07

cve

CVE-2022-29154

2022-08-02 15:15:08

mageia

Updated rsync packages fix security vulnerability

2022-08-26 00:21:07

centos

rsync security update

2022-09-01 22:04:24

fedora

[SECURITY] Fedora 35 Update: rsync-3.2.5-1.fc35

2022-08-31 10:15:04

[SECURITY] Fedora 36 Update: rsync-3.2.5-1.fc36

2022-08-18 02:05:16

rosalinux

Advisory ROSA-SA-2023-2230

2023-09-05 12:16:03

attackerkb

CVE-2019-6111

2019-01-31 00:00:00

gentoo

rsync: Multiple Vulnerabilities

2024-05-08 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

41.3%

JSON

Related for 21F43976-1887-11ED-9911-40B034429ECF