{"id":"USN-4292-1","summary":"rsync vulnerabilities","details":"It was discovered that rsync incorrectly handled pointer arithmetic in zlib.\nAn attacker could use this issue to cause rsync to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2016-9840,\nCVE-2016-9841)\n\nIt was discovered that rsync incorrectly handled vectors involving left shifts\nof negative integers in zlib. An attacker could use this issue to cause rsync\nto crash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-9842)\n\nIt was discovered that rsync incorrectly handled vectors involving big-endian\nCRC calculation in zlib. An attacker could use this issue to cause rsync to\ncrash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-9843)\n","modified":"2026-02-10T04:41:47Z","published":"2020-02-25T01:11:35Z","related":["UBUNTU-CVE-2016-9840","UBUNTU-CVE-2016-9841","UBUNTU-CVE-2016-9842","UBUNTU-CVE-2016-9843"],"upstream":["CVE-2016-9840","CVE-2016-9841","CVE-2016-9842","CVE-2016-9843","UBUNTU-CVE-2016-9840","UBUNTU-CVE-2016-9841","UBUNTU-CVE-2016-9842","UBUNTU-CVE-2016-9843"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4292-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9840"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9841"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9842"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9843"}],"affected":[{"package":{"name":"rsync","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.1-3ubuntu1.3"}]}],"versions":["3.1.1-3","3.1.1-3ubuntu1","3.1.1-3ubuntu1.1","3.1.1-3ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.1.1-3ubuntu1.3","binary_name":"rsync"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4292-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9840"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9841"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9842"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9843"}],"ecosystem":"Ubuntu:16.04:LTS"}}},{"package":{"name":"rsync","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.2-2.1ubuntu1.1"}]}],"versions":["3.1.2-2","3.1.2-2.1","3.1.2-2.1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.1.2-2.1ubuntu1.1","binary_name":"rsync"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4292-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9840"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9841"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9842"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9843"}],"ecosystem":"Ubuntu:18.04:LTS"}}}],"schema_version":"1.7.3"}