CVE-2022-29154

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-29154
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29154.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-29154
Downstream
Related
Published
2022-08-02T15:15:08Z
Modified
2025-10-15T13:54:39.907429Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

References

Affected packages

Git / git.samba.org/rsync.git

Affected ranges

Type
GIT
Repo
https://git.samba.org/rsync.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0e10163a9d984a8858f7d83b5c7b46889536aa96

Affected versions

Other

mbp_bk_export0

v1.*

v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4

v2.*

v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.1
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7pre2
v2.4.7pre4
v2.5.0
v2.5.1
v2.5.1pre1
v2.5.1pre2
v2.5.1pre3
v2.5.2
v2.5.2pre1
v2.5.2pre2
v2.5.2pre3
v2.5.3
v2.5.3pre1
v2.5.4
v2.5.4pre1
v2.5.5
v2.5.5.rc1
v2.5.6
v2.6.0
v2.6.0pre1
v2.6.0pre2
v2.6.1
v2.6.1pre1
v2.6.1pre2
v2.6.2
v2.6.2pre1
v2.6.3
v2.6.3pre1
v2.6.3pre2
v2.6.4
v2.6.4pre1
v2.6.4pre2
v2.6.4pre3
v2.6.4pre4
v2.6.5
v2.6.5pre1
v2.6.5pre2
v2.6.6pre1
v2.6.7
v2.6.7pre1
v2.6.7pre2
v2.6.7pre3
v2.6.8
v2.6.8pre1
v2.6.9
v2.6.9pre1
v2.6.9pre2
v2.6.9pre3

v3.*

v3.0.0
v3.0.0pre1
v3.0.0pre10
v3.0.0pre2
v3.0.0pre3
v3.0.0pre4
v3.0.0pre5
v3.0.0pre6
v3.0.0pre7
v3.0.0pre8
v3.0.0pre9
v3.0.1
v3.0.1pre1
v3.0.1pre2
v3.0.1pre3
v3.0.2
v3.0.3
v3.0.3pre1
v3.0.3pre2
v3.0.3pre3
v3.1.0
v3.1.0pre1
v3.1.1
v3.1.1pre1
v3.1.1pre2
v3.1.2
v3.1.2pre1
v3.1.3
v3.1.3pre1
v3.2.0
v3.2.0pre1
v3.2.0pre2
v3.2.0pre3
v3.2.1
v3.2.1pre1
v3.2.2
v3.2.2pre1
v3.2.2pre2
v3.2.2pre3
v3.2.3
v3.2.3pre1
v3.2.4
v3.2.4pre1
v3.2.4pre2
v3.2.4pre3
v3.2.4pre4
v3.2.5pre1
v3.2.5pre2

Database specific

vanir_signatures

[
    {
        "source": "https://git.samba.org/rsync.git@0e10163a9d984a8858f7d83b5c7b46889536aa96",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "322418424648570989550611125486404332983",
                "2256083738362129417533540177355662595",
                "29260464724962235148672620000941125284",
                "233784350980936246018183436821512218824",
                "246181918994674120560928381981150588850",
                "181738393919906651933976864059518484652"
            ]
        },
        "target": {
            "file": "exclude.c"
        },
        "id": "CVE-2022-29154-702f3360"
    },
    {
        "source": "https://git.samba.org/rsync.git@0e10163a9d984a8858f7d83b5c7b46889536aa96",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "173887927958491418062456766931855792437",
            "length": 3583.0
        },
        "target": {
            "file": "exclude.c",
            "function": "add_implied_include"
        },
        "id": "CVE-2022-29154-d8f7c92f"
    }
]