CVE-2024-12085

HIGH EPSS 94.8%

Published Jan 14, 20251y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Jan 14, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

94.8% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-908

Affected Products 63

Vendor	Product	Version	Range
samba	rsync	*	<3.3.0
redhat	openshift	5.0	any
redhat	openshift_container_platform	4.12	any
redhat	openshift_container_platform	4.13	any
redhat	openshift_container_platform	4.14	any
redhat	openshift_container_platform	4.15	any
redhat	openshift_container_platform	4.16	any
redhat	openshift_container_platform	4.17	any
redhat	enterprise_linux	8.0	any
redhat	enterprise_linux	9.0	any
redhat	enterprise_linux_eus	8.8	any
redhat	enterprise_linux_eus	9.2	any
redhat	enterprise_linux_eus	9.4	any
redhat	enterprise_linux_eus	9.6	any
redhat	enterprise_linux_for_arm_64	8.0_aarch64	any
redhat	enterprise_linux_for_arm_64	9.0_aarch64	any
redhat	enterprise_linux_for_arm_64	9.2_aarch64	any
redhat	enterprise_linux_for_arm_64_eus	8.8_aarch64	any
redhat	enterprise_linux_for_arm_64_eus	9.4_aarch64	any
redhat	enterprise_linux_for_arm_64_eus	9.6_aarch64	any
redhat	enterprise_linux_for_ibm_z_systems	8.0_s390x	any
redhat	enterprise_linux_for_ibm_z_systems	9.0_s390x	any
redhat	enterprise_linux_for_ibm_z_systems	9.2_s390x	any
redhat	enterprise_linux_for_ibm_z_systems_eus	8.8_s390x	any
redhat	enterprise_linux_for_ibm_z_systems_eus	9.4_s390x	any
redhat	enterprise_linux_for_ibm_z_systems_eus	9.6_s390x	any
redhat	enterprise_linux_for_power_little_endian	8.0_ppc64le	any
redhat	enterprise_linux_for_power_little_endian	8.8_ppc64le	any
redhat	enterprise_linux_for_power_little_endian	9.0_ppc64le	any
redhat	enterprise_linux_for_power_little_endian	9.2_ppc64le	any
redhat	enterprise_linux_for_power_little_endian_eus	9.4_ppc64le	any
redhat	enterprise_linux_for_power_little_endian_eus	9.6_ppc64le	any
redhat	enterprise_linux_server	6.0	any
redhat	enterprise_linux_server	7.0	any
redhat	enterprise_linux_server_aus	8.2	any
redhat	enterprise_linux_server_aus	8.4	any
redhat	enterprise_linux_server_aus	8.6	any
redhat	enterprise_linux_server_aus	9.2	any
redhat	enterprise_linux_server_aus	9.4	any
redhat	enterprise_linux_server_aus	9.6	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.4_ppc64le	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.6_ppc64le	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.8_ppc64le	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0_ppc64le	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.2_ppc64le	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.4_ppc64le	any
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.6_ppc64le	any
redhat	enterprise_linux_server_tus	8.4	any
redhat	enterprise_linux_server_tus	8.6	any
redhat	enterprise_linux_server_tus	8.8	any
redhat	enterprise_linux_update_services_for_sap_solutions	8.4	any
redhat	enterprise_linux_update_services_for_sap_solutions	8.6	any
redhat	enterprise_linux_update_services_for_sap_solutions	9.0	any
redhat	enterprise_linux_update_services_for_sap_solutions	9.2	any
redhat	enterprise_linux_update_services_for_sap_solutions	9.6	any
almalinux	almalinux	8.0	any
almalinux	almalinux	9.0	any
almalinux	almalinux	10.0	any
archlinux	arch_linux	*	any
gentoo	linux	*	any
nixos	nixos	*	<24.11
suse	suse_linux	*	any
tritondatacenter	smartos	*	<20250123

References 28

access.redhat.com https://access.redhat.com/errata/RHBA-2025:6470
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0324

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0325

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0637

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0688

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0714

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0774

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0787

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0790

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0849

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0884

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0885

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1120

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1123

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1128

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1225

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1227

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1242

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1451

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:21885
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2701

Third Party Advisory
access.redhat.com https://access.redhat.com/security/cve/CVE-2024-12085

Third Party Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2330539

Issue TrackingThird Party Advisory
github.com https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj

ExploitThird Party Advisory
kb.cert.org https://kb.cert.org/vuls/id/952657

Third Party Advisory
lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
security.netapp.com https://security.netapp.com/advisory/ntap-20250131-0002/
kb.cert.org https://www.kb.cert.org/vuls/id/952657

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.