Search
Search is not available in local development.
Run npx pagefind --site __site after building to enable it.
JLSEC-2026-625 Medium 4.3

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds...

JLSEC Published
Modified
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Packages
rsync_jll < 3.4.4+0
Aliases / Upstream
CVE-2025-10158 GHSA-3rvc-qcwh-fhqv EUVD-2025-198005

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The

malicious

rsync client requires at least read access to the remote rsync module in order to trigger the issue.

References