CVE-2024-12085

high

Description

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

References

https://www.bleepingcomputer.com/news/security/qnap-fixes-six-rsync-vulnerabilities-in-hbs-nas-backup-recovery-app/

https://www.openwall.com/lists/oss-security/2025/01/14/3

https://www.bleepingcomputer.com/news/security/over-660-000-rsync-servers-exposed-to-code-execution-attacks/

https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html

https://kb.cert.org/vuls/id/952657

https://bugzilla.redhat.com/show_bug.cgi?id=2330539

https://access.redhat.com/security/cve/CVE-2024-12085

https://access.redhat.com/errata/RHSA-2025:1451

https://access.redhat.com/errata/RHSA-2025:1242

https://access.redhat.com/errata/RHSA-2025:1227

https://access.redhat.com/errata/RHSA-2025:1225

https://access.redhat.com/errata/RHSA-2025:1128

https://access.redhat.com/errata/RHSA-2025:1123

https://access.redhat.com/errata/RHSA-2025:1120

https://access.redhat.com/errata/RHSA-2025:0885

https://access.redhat.com/errata/RHSA-2025:0884

https://access.redhat.com/errata/RHSA-2025:0849

https://access.redhat.com/errata/RHSA-2025:0790

https://access.redhat.com/errata/RHSA-2025:0787

https://access.redhat.com/errata/RHSA-2025:0774

https://access.redhat.com/errata/RHSA-2025:0714

https://access.redhat.com/errata/RHSA-2025:0688

https://access.redhat.com/errata/RHSA-2025:0637

https://access.redhat.com/errata/RHSA-2025:0325

https://access.redhat.com/errata/RHSA-2025:0324

Details

Source: Mitre, NVD

Published: 2025-01-14

Updated: 2025-02-20

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High