CVE-2018-5764

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.1.3

Description The issue is related to the parse arguments function in options.c in rsyncd, which does not prevent multiple uses of the --protect-args parameter. This allows remote attackers to bypass an argument-sanitization protection mechanism, potentially compromising data integrity.

Recommendations For versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the --protect-args parameter in the parse arguments function to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

ALT-PU-2018-1219

BDU:2018-01509

CVE-2018-5764

DLA-1247-1

DLA-1725-1

DLA-2833-1

MGASA-2018-0103

OPENSUSE-SU-2024:11308-1

ROSA-SA-2025-2553

SUSE-SU-2018:0172-1

SUSE-SU-2018:0174-1

SUSE-SU-2018_0172-1

SUSE-SU-2018_0174-1

USN-3543-1

USN-3543-2

Affected Products

Alt Linux

Suse

Ubuntu

Rsync

CVE-2018-5764

Weakness Enumeration

Related Identifiers

Affected Products

References · 75