CVE-2026-45232

LOW 3.1

Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy

CVSS Score

3.1

EPSS Score

0.0%

EPSS Percentile

9th

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves between the client and proxy or controlling the proxy server to send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address when the RSYNC_PROXY environment variable is set.

CWE	CWE-193
Vendor	rsyncproject
Product	rsync
Published	May 20, 2026
Last Updated	May 20, 2026

Stay Ahead of the Next One

Get instant alerts for rsyncproject rsync

Be the first to know when new low vulnerabilities affecting rsyncproject rsync are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected Versions

RsyncProject / rsync

0 < 3.4.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8 github.com: https://github.com/RsyncProject/rsync/releases/tag/v3.4.3 vulncheck.com: https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy

Credits

Michal Ruprich