The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
CVSS Score
7.8
EPSS Score
0.183
Published
2014-04-23
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.
CVSS Score
7.5
EPSS Score
0.084
Published
2008-04-10