CVE-2018-5764

HIGH

rsync < 3.1.3 - Argument Sanitization Bypass via Multiple --protect-args Uses

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-5764. PoCs published by waleedadam360-web.

AI-analyzed exploit summary This repository contains a browser extension designed to detect unsafe Rsync commands by checking for the absence of the `--protect-args` flag, which mitigates CVE-2018-5764. It provides real-time scanning, alerts, and mitigation guidance for users.

Description

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

Exploits (1)

nomisec SCANNER
by waleedadam360-web · poc
https://github.com/waleedadam360-web/SyncShield

This repository contains a browser extension designed to detect unsafe Rsync commands by checking for the absence of the `--protect-args` flag, which mitigates CVE-2018-5764. It provides real-time scanning, alerts, and mitigation guidance for users.

Classification
Scanner 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Rsync (versions affected by CVE-2018-5764)
No auth needed
Prerequisites: User must input or paste an Rsync command into the extension
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/01/msg00021.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040276
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3543-1/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201805-04
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102803
Release Notes, Vendor Advisory x_refsource_confirm
https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/11/msg00028.html

Scores

CVSS v3 7.5
EPSS 0.0634
EPSS Percentile 92.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (7)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 17.10
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
samba/rsync < 3.1.3
Published Jan 17, 2018
Tracked Since Feb 18, 2026