CVE-2025-67901
Unknown Unknown - Not Provided
Segmentation Fault Vulnerability in openrsync Server via Zero-Length Block Data

Publication date: 2025-12-15

Last updated on: 2025-12-15

Assigner: MITRE

Description
openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p->rem and p->len is not checked.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-15
Last Modified
2025-12-15
Generated
2026-06-16
AI Q&A
2025-12-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67901
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
openbsd openrsync *
openbsd openrsync 0.5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in openrsync (through version 0.5.0) allows a remote attacker to cause a server or client crash (SIGSEGV) by sending specially crafted block metadata with a zero length for block data. The issue arises because the code does not properly check the relationship between the remaining data size (p->rem) and the length (p->len). When p->len is zero, the validation is bypassed, allowing p->rem to be set to an arbitrarily large value. This leads to an out-of-bounds read from a small memory-mapped buffer, causing a segmentation fault and denial of service. Both malicious clients and servers can exploit this flaw to crash the other party during rsync operations. [2]

Impact Analysis

This vulnerability can impact you by allowing a remote attacker to cause a denial of service (DoS) on your OpenRsync server or client. The attacker can crash the application by sending crafted block metadata that triggers a segmentation fault, resulting in service interruption. This could lead to downtime, loss of availability, and potential disruption of file synchronization services relying on OpenRsync. [2]

Detection Guidance

This vulnerability can be detected by monitoring for crashes (SIGSEGV) in the OpenRsync server or client processes, especially when handling rsync protocol version 27 connections. Detection can involve checking logs for segmentation faults or abnormal termination of OpenRsync processes. Additionally, network traffic analysis could look for rsync sessions where block metadata contains suspicious values such as block size (blksz) of 1, length (len) of 0, and a very large rem value (e.g., 0x40000000). However, no specific detection commands are provided in the resources. [2]

Mitigation Strategies

Immediate mitigation steps include updating OpenRsync to a version that includes the suggested fix, which adds validation to ensure the block size is neither zero nor larger than the mapped buffer size. If an update is not immediately available, consider restricting or monitoring rsync protocol version 27 traffic, and limiting access to OpenRsync servers to trusted clients to reduce exposure. Applying patches that add checks such as verifying that the block size (sz) is valid before processing can prevent exploitation. [2]

Compliance Impact

This vulnerability allows remote attackers to cause a denial of service (DoS) by crashing the OpenRsync server or client through crafted block metadata. While it does not directly lead to data disclosure or integrity loss, the resulting service disruption could impact availability requirements under standards like GDPR and HIPAA. Therefore, organizations relying on OpenRsync for data transfer should consider this vulnerability as a risk to system availability, which is a component of compliance with such regulations. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67901. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart