Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-20T00:00:00 rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-190

A flaw was found in rsync. An authenticated daemon peer can exploit an integer overflow vulnerability in the compressed-token decoder. By carefully manipulating the compressed-token, a malicious sender can trigger an overflow, leading to remote memory disclosure. This allows an attacker to leak sensitive process memory contents, including environment variables, passwords, and memory pointers, which significantly weakens Address Space Layout Randomization (ASLR) and can facilitate further exploitation.

This flaw in rsync's compressed-token decoding allows an authenticated remote attacker to trigger an integer overflow. This can lead to memory disclosure, potentially exposing sensitive information such as environment variables or heap pointers, thereby weakening Address Space Layout Randomization (ASLR) and aiding further exploitation. The vulnerability is present when rsync is configured as a daemon with compression enabled, which is the default for protocols version 30 and higher. Disable compression on the rsync daemon by adding `refuse options = compress` to the `rsyncd.conf` file. A restart of the rsync daemon service is required for the change to take effect and may impact transfer performance. Red Hat Enterprise Linux 10 Affected rsync Red Hat Enterprise Linux 6 Affected rsync Red Hat Enterprise Linux 7 Affected rsync Red Hat Enterprise Linux 8 Affected rsync Red Hat Enterprise Linux 9 Affected rsync Red Hat OpenShift Container Platform 4 Affected rhcos https://www.cve.org/CVERecord?id=CVE-2026-43618 https://nvd.nist.gov/vuln/detail/CVE-2026-43618