UAF in rsync 3.4.1 and below

56% confidence

Description

The receive_xattr() function in rsync uses a wire-supplied count value for qsort() that may exceed the number of valid items after xattr filtering. This leads to use-after-free conditions when stale array entries are processed, causing double-free or free-of-allocated-memory scenarios during xattr handling.

Affected Products

Vendor	Product	Versions
—	rsync	3.0.1 - 3.4.1

Related News (1 articles)

Tier C

oss-security3h ago

UAF in rsync 3.4.1 and below

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-416

PublishedApr 16, 2026

Last enriched2h ago

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: reported

Confidence: 56%

Vulnerability Timeline

CVE Published

Apr 16, 2026

Discovered by ZDM

Apr 16, 2026