{"id":"UBUNTU-CVE-2014-8242","details":"librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.","modified":"2026-04-22T09:52:31.339506Z","published":"2015-10-26T17:59:00Z","upstream":["CVE-2014-8242"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-8242"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2014/10/12"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2014-8242"}],"affected":[{"package":{"name":"librsync","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/librsync@0.9.7-10?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.9.7-10"],"ecosystem_specific":{"binaries":[{"binary_name":"librsync1","binary_version":"0.9.7-10"},{"binary_name":"rdiff","binary_version":"0.9.7-10"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-8242.json"}},{"package":{"name":"librsync","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/librsync@0.9.7-10build1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.9.7-10","0.9.7-10build1"],"ecosystem_specific":{"binaries":[{"binary_name":"librsync1","binary_version":"0.9.7-10build1"},{"binary_name":"rdiff","binary_version":"0.9.7-10build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-8242.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"low"}]}