FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

librsync -- collision vulnerability

Affected packages
librsync < 1.0.0


VuXML ID b22b016b-b633-11e5-83ef-14dae9d210b8
Discovery 2014-07-28
Entry 2016-01-08

Michael Samuel reports:

librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.


CVE Name CVE-2014-8242