{"id":"JLSEC-2026-625","summary":"A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds...","details":"A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The\n\nmalicious\n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue.","modified":"2026-07-02T05:46:46.788730289Z","published":"2026-06-25T17:41:14.392Z","upstream":["CVE-2025-10158","GHSA-3rvc-qcwh-fhqv","EUVD-2025-198005"],"database_specific":{"sources":[{"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10158","imported":"2026-06-25T17:27:26.556Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-10158","modified":"2026-06-17T08:27:47.720Z","id":"CVE-2025-10158","published":"2025-11-18T15:16:25.433Z","database_specific":{"status":"Deferred"}},{"html_url":"https://github.com/advisories/GHSA-3rvc-qcwh-fhqv","imported":"2026-06-25T17:27:26.886Z","url":"https://api.github.com/advisories/GHSA-3rvc-qcwh-fhqv","modified":"2025-11-18T15:30:54Z","published":"2025-11-18T15:30:53Z","id":"GHSA-3rvc-qcwh-fhqv"},{"html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-198005","imported":"2026-06-25T17:27:24.697Z","url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-198005","modified":"2025-11-19T16:48:56Z","id":"EUVD-2025-198005","published":"2025-11-18T14:24:19Z"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"},{"type":"WEB","url":"https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"},{"type":"WEB","url":"https://github.com/advisories/GHSA-3rvc-qcwh-fhqv"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10158"}],"affected":[{"package":{"name":"rsync_jll","ecosystem":"Julia","purl":"pkg:julia/rsync_jll?uuid=191d6b87-264a-55f5-a0e2-c8fbce9a1ce0"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.4.4+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-625.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}