CVE-2024-12085

Published: January 15, 2025Last modified: January 17, 2025

Description

A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Severity score breakdown

Status

References

• https://access.redhat.com/errata/RHSA-2025:0324
• https://access.redhat.com/errata/RHSA-2025:0325
• https://access.redhat.com/errata/RHSA-2025:0637
• https://access.redhat.com/errata/RHSA-2025:0688
• https://access.redhat.com/errata/RHSA-2025:0714
• https://access.redhat.com/errata/RHSA-2025:0774
• https://access.redhat.com/errata/RHSA-2025:0787
• https://access.redhat.com/errata/RHSA-2025:0790
• https://access.redhat.com/errata/RHSA-2025:0849
• https://access.redhat.com/errata/RHSA-2025:0884
• https://access.redhat.com/errata/RHSA-2025:0885
• https://access.redhat.com/errata/RHSA-2025:1120
• https://access.redhat.com/errata/RHSA-2025:1123
• https://access.redhat.com/errata/RHSA-2025:1128
• https://access.redhat.com/errata/RHSA-2025:1225
• https://access.redhat.com/errata/RHSA-2025:1227
• https://access.redhat.com/errata/RHSA-2025:1242
• https://access.redhat.com/errata/RHSA-2025:1451
• https://access.redhat.com/errata/RHSA-2025:2701
• https://access.redhat.com/security/cve/CVE-2024-12085
• https://bugzilla.redhat.com/show_bug.cgi?id=2330539
• https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
• https://kb.cert.org/vuls/id/952657