A newly disclosed vulnerability in the widely used file-synchronization utility rsync — tracked as CVE-2025-10158 — allows a malicious rsync receiver to induce an out-of-bounds read of a heap buffer by exploiting a negative array index; the issue was fixed upstream in a small commit but remains...
