CVE-2011-1097
EPSS 2.2%
Description
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.
How to fix CVE-2011-1097
To remediate CVE-2011-1097, upgrade the affected package to a fixed version listed below.
- Debian/rsync—upgrade to 3.0.8 or later
Is CVE-2011-1097 being exploited?
Low — EPSS is 2.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/rsync: versions from 0, < 3.0.8