{"id":"CVE-2017-17433","details":"The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.","modified":"2026-07-08T05:50:22.216736013Z","published":"2017-12-06T03:29:00.217Z","related":["SUSE-SU-2018:0117-1","SUSE-SU-2018:0118-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_STRING","extracted_events":[{"introduced":"7.0"},{"last_affected":"7.0"},{"introduced":"8.0"},{"last_affected":"8.0"},{"introduced":"9.0"},{"last_affected":"9.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux"}]},"references":[{"type":"WEB","url":"https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51"},{"type":"ADVISORY","url":"http://security.cucumberlinux.com/security/details.php?id=169"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4068"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1522874#c4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.samba.org/rsync.git/","events":[{"introduced":"16b49716d55a50f2e985b879b720b2c53c892a3a"},{"last_affected":"16b49716d55a50f2e985b879b720b2c53c892a3a"}],"database_specific":{"source":"CPE_STRING","extracted_events":[{"introduced":"3.1.2"},{"last_affected":"3.1.2"}],"cpe":"cpe:2.3:a:samba:rsync:3.1.2:*:*:*:*:*:*:*"}}],"versions":["3.1.2","v3.1.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17433.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}