{
  "document": {
    "aggregate_severity": {
      "text": "Medium"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/vex/2026/cve-2026-43620-els_os-ubuntu16_04els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-06-16T00:11:50Z",
      "generator": {
        "date": "2026-06-16T17:57:20Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2026-43620-ELS_OS-UBUNTU16.04ELS",
      "initial_release_date": "2026-05-20T02:16:00Z",
      "revision_history": [
        {
          "date": "2026-05-20T02:16:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-22T16:08:36Z",
          "number": "2",
          "summary": "Official Publication"
        },
        {
          "date": "2026-05-27T14:47:33Z",
          "number": "3",
          "summary": "Update document"
        },
        {
          "date": "2026-06-13T15:29:19Z",
          "number": "4",
          "summary": "Update document"
        },
        {
          "date": "2026-06-16T00:11:50Z",
          "number": "5",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "5"
    },
    "title": "Security update on CVE-2026-43620"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.1.1-3ubuntu1.3.amd64",
                "product": {
                  "name": "rsync-0:3.1.1-3ubuntu1.3.amd64",
                  "product_id": "rsync-0:3.1.1-3ubuntu1.3.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3?arch=amd64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Ubuntu 16.04",
                "product": {
                  "name": "Ubuntu 16.04",
                  "product_id": "Ubuntu-16",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Ubuntu"
          }
        ],
        "category": "vendor",
        "name": "Canonical Ltd."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els2.amd64",
                "product": {
                  "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els2.amd64",
                  "product_id": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els2.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/rsync@3.1.1-3ubuntu1.3%2Btuxcare.els2?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els1.amd64",
                "product": {
                  "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els1.amd64",
                  "product_id": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/rsync@3.1.1-3ubuntu1.3%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els5.amd64",
                "product": {
                  "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els5.amd64",
                  "product_id": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els5.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/rsync@3.1.1-3ubuntu1.3%2Btuxcare.els5?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els7.amd64",
                "product": {
                  "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els7.amd64",
                  "product_id": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els7.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/rsync@3.1.1-3ubuntu1.3%2Btuxcare.els7?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els4.amd64",
                "product": {
                  "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els4.amd64",
                  "product_id": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els4.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/rsync@3.1.1-3ubuntu1.3%2Btuxcare.els4?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els8.amd64",
                "product": {
                  "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els8.amd64",
                  "product_id": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els8.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/rsync@3.1.1-3ubuntu1.3%2Btuxcare.els8?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els6.amd64",
                "product": {
                  "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els6.amd64",
                  "product_id": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els6.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/rsync@3.1.1-3ubuntu1.3%2Btuxcare.els6?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els3.amd64",
                "product": {
                  "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els3.amd64",
                  "product_id": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els3.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/rsync@3.1.1-3ubuntu1.3%2Btuxcare.els3?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els9.amd64",
                "product": {
                  "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els9.amd64",
                  "product_id": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els9.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/rsync@3.1.1-3ubuntu1.3%2Btuxcare.els9?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els10.amd64",
                "product": {
                  "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els10.amd64",
                  "product_id": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els10.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/rsync@3.1.1-3ubuntu1.3%2Btuxcare.els10?arch=amd64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els2.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els2.amd64"
        },
        "product_reference": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els2.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.1.1-3ubuntu1.3.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3.amd64"
        },
        "product_reference": "rsync-0:3.1.1-3ubuntu1.3.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els1.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els1.amd64"
        },
        "product_reference": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els5.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els5.amd64"
        },
        "product_reference": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els5.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els7.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els7.amd64"
        },
        "product_reference": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els7.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els4.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els4.amd64"
        },
        "product_reference": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els4.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els8.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els8.amd64"
        },
        "product_reference": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els8.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els6.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els6.amd64"
        },
        "product_reference": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els6.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els3.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els3.amd64"
        },
        "product_reference": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els3.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els9.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els9.amd64"
        },
        "product_reference": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els9.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els10.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els10.amd64"
        },
        "product_reference": "rsync-0:3.1.1-3ubuntu1.3+tuxcare.els10.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-43620",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a specially crafted file list where the first sorted entry is not the leading dot directory, followed by a transfer record with ndx=0 and an iflag word without ITEM_TRANSFER, causing the receiver to read 8 bytes before the allocated pointer array and dereference an invalid pointer at an unmapped address, resulting in a deterministic SIGSEGV crash of the rsync client.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els1.amd64",
          "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els10.amd64",
          "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els2.amd64",
          "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els3.amd64",
          "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els4.amd64",
          "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els5.amd64",
          "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els6.amd64",
          "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els7.amd64",
          "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els8.amd64",
          "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els9.amd64",
          "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-43620"
        },
        {
          "category": "external",
          "summary": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3",
          "url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3"
        },
        {
          "category": "external",
          "summary": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-28pw-r563-rxvm",
          "url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-28pw-r563-rxvm"
        },
        {
          "category": "external",
          "summary": "https://www.vulncheck.com/advisories/rsync-out-of-bounds-array-read-via-recv-files",
          "url": "https://www.vulncheck.com/advisories/rsync-out-of-bounds-array-read-via-recv-files"
        }
      ],
      "release_date": "2026-05-20T02:16:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "date": "2026-05-21T12:08:32.846597Z",
          "details": "- Exploitation requires the rsync client to actively connect to and exchange a file list with an attacker‑controlled rsync server; without initiating a sync to an untrusted remote, the condition cannot be triggered. \n- The flaw causes a deterministic client‑side crash (SIGSEGV) from an out‑of‑bounds read, with no confidentiality or integrity impact, so the effect is limited to availability of the rsync process. \n- In centrally managed environments where rsync remotes are preapproved and restricted to trusted endpoints, the prerequisite of a malicious server is absent, making the practical risk low and suitable for deprioritization.",
          "product_ids": [
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els1.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els10.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els2.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els3.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els4.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els5.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els6.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els7.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els8.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els9.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3.amd64"
          ]
        },
        {
          "category": "no_fix_planned",
          "date": "2026-06-16T12:17:24.170450Z",
          "details": "Deprioritize: this flaw only lets a malicious rsync server crash the client via an out‑of‑bounds read in the receiver path, with no confidentiality or integrity impact and no code execution. Exploitation requires the client to actively pull from a malicious or compromised rsync server and accept its protocol stream; when rsync is used over SSH or with authenticated daemon mode, an unauthenticated network adversary cannot inject such traffic. Note that daemon-mode authentication only verifies the client to the server and does not encrypt or integrity-protect the connection, so this assumption holds for plain rsync:// transfers only when the network path is trusted or the session is tunnelled (for example over SSH). In centrally managed environments with fixed rsync peers, the practical effect is limited to a transient job failure (client process SIGSEGV) rather than system compromise.",
          "product_ids": [
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els1.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els10.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els2.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els3.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els4.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els5.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els6.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els7.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els8.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els9.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3.amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els1.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els10.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els2.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els3.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els4.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els5.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els6.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els7.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els8.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3+tuxcare.els9.amd64",
            "Ubuntu-16:rsync-0:3.1.1-3ubuntu1.3.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}