CVE-2024-12084
CRITICAL EPSS 99.4%
Published Jan 15, 20251y ago · Modified Jun 25, 20264d ago
9.8 CVSS 3.1
Published Jan 15, 2025 1y ago
Last Modified Jun 25, 2026 4d ago
Description
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
99.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 2
CWE-122
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 10
References 8
- openwall.com http://www.openwall.com/lists/oss-security/2025/01/14/6
- access.redhat.com https://access.redhat.com/errata/RHBA-2025:6470
- access.redhat.com https://access.redhat.com/security/cve/CVE-2024-12084
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2330527
- github.com https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
- kb.cert.org https://kb.cert.org/vuls/id/952657
- security.netapp.com https://security.netapp.com/advisory/ntap-20250131-0002/
- kb.cert.org https://www.kb.cert.org/vuls/id/952657
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.