Rsync · Rsync · CVE-2026-45232
**Name of the Vulnerable Software and Affected Versions**
rsync versions prior to 3.4.3
**Description**
An off-by-one out-of-bounds stack write exists in the `establish_proxy_connection()` function within `socket.c`. Network attackers can corrupt stack memory by sending a malformed HTTP proxy response. This occurs when the `RSYNC_PROXY` environment variable is set and the attacker, by controlling the proxy server or positioning themselves between the client and proxy, sends a response line of 1023 or more bytes without a newline terminator, resulting in a null byte being written to an out-of-bounds stack address.
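
The off-by-one described above, as an added C example that is not rsync's own code: `flawed_nul_index` models a line reader whose cursor is advanced once more after the loop limit is reached, and `read_proxy_line` is a bounded reader that rejects overlong lines instead. The 1024-byte buffer size (inferred from the 1023-byte threshold), the `struct src` stand-in for the proxy socket, and all function names are assumptions.

```c
#include <stddef.h>
#include <string.h>
#define LINE_BUF 1024 /* assumed size, inferred from the 1023-byte threshold */

/* Hypothetical in-memory stand-in for the proxy socket. */
struct src { const char *data; size_t len, pos; };

/* Hardened reader: returns the line length, or -1 on a short read or an
 * overlong line. The terminator index never exceeds cap - 1. */
int read_proxy_line(struct src *s, char *buf, size_t cap) {
    size_t n = 0;
    for (;;) {
        if (s->pos >= s->len) return -1;   /* peer closed mid-line */
        char c = s->data[s->pos++];
        if (c == '\n') break;
        if (n + 1 >= cap) return -1;       /* no room left for the NUL */
        buf[n++] = c;
    }
    if (n > 0 && buf[n - 1] == '\r') n--;  /* strip the CR of CRLF */
    buf[n] = '\0';
    return (int)n;
}

/* Model of the off-by-one pattern: the read loop stops at cap - 1, then the
 * cursor is advanced once more before the NUL is stored. Returns the index
 * the NUL would land on; nothing is written. */
size_t flawed_nul_index(const char *data, size_t len, size_t cap) {
    size_t i = 0;
    while (i < cap - 1 && i < len && data[i] != '\n') i++;
    if (i == cap - 1) return cap;          /* limit hit: NUL at buf[cap] */
    return i;                              /* newline or end of sample, in bounds */
}

/* Constructed input: n filler bytes, optionally followed by CRLF. */
static char sample[LINE_BUF + 8];
static size_t make_line(size_t n, int crlf) {
    memset(sample, 'A', n);
    if (crlf) { sample[n] = '\r'; sample[n + 1] = '\n'; return n + 2; }
    return n;
}

int hardened_result(size_t n, int crlf) {
    char buf[LINE_BUF];
    struct src s = { sample, make_line(n, crlf), 0 };
    return read_proxy_line(&s, buf, sizeof buf);
}

size_t flawed_result(size_t n, int crlf) {
    return flawed_nul_index(sample, make_line(n, crlf), LINE_BUF);
}
```

With 1023 filler bytes and no newline, the modelled terminator index equals `LINE_BUF`, one element past the buffer, while the hardened reader returns -1 for the same input.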
**Recommendations**
Update to version 3.4.3 or later.
As a temporary workaround, avoid setting the `RSYNC_PROXY` environment variable to minimize the risk of exploitation.