CVE-2026-45232 affects rsync versions before 3.4.3 and is a low-severity memory corruption flaw in HTTP proxy handling. The issue is an off-by-one out-of-bounds stack write in establish_proxy_connection() in socket.c, triggered when a malformed proxy response line of 1023 or more bytes is sent without a newline terminator. The vulnerability can be reached over the network, but it requires user interaction [truncated]
CVE-2026-43620 affects rsync 3.4.2 and earlier and can let a malicious rsync server crash the rsync client process. The flaw is a receiver-side out-of-bounds array read in recv_files() that can lead to a deterministic SIGSEGV when a crafted file list and transfer record are processed. NVD lists the issue as medium severity (CVSS 6.9) and the published vendor materials point to rsync 3.4.3 as the fix.
CVE-2026-41035 is a high-severity rsync flaw in which receive_xattr trusts an untrusted length value during a qsort call, leading to a receiver use-after-free. Exposure depends on running rsync with -X/--xattrs, with broader platform impact on non-Linux systems and many, but not all, common Linux configurations.
CVE-2017-7494 is a Samba remote code execution vulnerability that CISA has placed in the Known Exploited Vulnerabilities catalog. The KEV entry indicates known exploitation and notes known ransomware campaign use, so this should be treated as an urgent remediation item rather than a routine patch. The supplied CISA feed instructs affected organizations to apply updates per vendor instructions.