Rsync: rsync server leaks arbitrary client files
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
Affected products
- =<3.3.0
Matching in nixpkgs
pkgs.rrsync
Helper to run rsync-only environments from ssh-logins
-
nixos-unstable -
- nixpkgs-unstable 3.4.1
pkgs.librsync
Implementation of the rsync remote-delta algorithm
-
nixos-unstable -
- nixpkgs-unstable 2.3.4
pkgs.openrsync
BSD-licensed implementation of rsync
-
nixos-unstable -
- nixpkgs-unstable 2025-01-27
pkgs.sqlite-rsync
Database remote-copy tool for SQLite
-
nixos-unstable -
- nixpkgs-unstable 3.50.2
pkgs.vdirsyncerStable
Synchronize calendars and contacts
-
nixos-unstable -
- nixpkgs-unstable 0.20.0
pkgs.yaziPlugins.rsync
Simple rsync plugin for yazi file manager
-
nixos-unstable -
- nixpkgs-unstable 0-unstable-2025-06-09
pkgs.vimPlugins.ethersync
Real-time co-editing of local text files
-
nixos-unstable -
- nixpkgs-unstable 0.7.0
pkgs.python312Packages.sysrsync
Simple and safe system's rsync wrapper for Python
-
nixos-unstable -
- nixpkgs-unstable 1.1.1
pkgs.python313Packages.sysrsync
Simple and safe system's rsync wrapper for Python
-
nixos-unstable -
- nixpkgs-unstable 1.1.1
pkgs.python312Packages.vdirsyncer
Synchronize calendars and contacts
-
nixos-unstable -
- nixpkgs-unstable 0.20.0
pkgs.python313Packages.vdirsyncer
Synchronize calendars and contacts
-
nixos-unstable -
- nixpkgs-unstable 0.20.0
pkgs.vscode-extensions.ethersync.ethersync
Extension for real-time co-editing of local text files
-
nixos-unstable -
- nixpkgs-unstable 0.4.0
Package maintainers
-
@jluttine Jaakko Luttinen <jaakko.luttinen@iki.fi>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@wegank Weijia Wang <contact@weijia.wang>
-
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
-
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>
-
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
-
@fricklerhandwerk Valentin Gagarin <valentin@fricklerhandwerk.de>
-
@kuznero Roman Kuznetsov <roman@kuznero.com>
-
@fgaz Francesco Gazzetta <fgaz@fgaz.me>
-
@veprbl Dmitry Kalinkin <veprbl@gmail.com>
-
@stephen-huan Stephen Huan <stephen.huan@cgdct.moe>
-
@kampfschlaefer Arnold Krille <arnold@arnoldarts.de>
-
@ivan Ivan Kozik <ivan@ludios.org>
-
@nycodeghg Marie Ramlow <tabmeier12+nix@gmail.com>
-
@JohnAZoidberg Daniel Schäfer <git@danielschaefer.me>
-
@teto Matthieu Coudron <mcoudron@hotmail.com>