Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Published

2025-01-14T18:15:25.123

Last Modified

2025-07-16T16:04:48.867

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-119
Type: Primary
CWE-908

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	samba	rsync	< 3.3.0	Yes
Application	redhat	openshift	5.0	Yes
Application	redhat	openshift_container_platform	4.12	Yes
Application	redhat	openshift_container_platform	4.13	Yes
Application	redhat	openshift_container_platform	4.14	Yes
Application	redhat	openshift_container_platform	4.15	Yes
Application	redhat	openshift_container_platform	4.16	Yes
Application	redhat	openshift_container_platform	4.17	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	redhat	enterprise_linux_eus	8.8	Yes
Operating System	redhat	enterprise_linux_eus	9.2	Yes
Operating System	redhat	enterprise_linux_eus	9.4	Yes
Operating System	redhat	enterprise_linux_eus	9.6	Yes
Operating System	redhat	enterprise_linux_for_arm_64	8.0_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64	9.0_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64	9.2_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	8.8_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	9.4_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	9.6_aarch64	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	8.0_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	9.0_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	9.2_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	8.8_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	9.4_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	9.6_s390x	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	8.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	8.8_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	9.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	9.2_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	9.4_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	9.6_ppc64le	Yes
Operating System	redhat	enterprise_linux_server	6.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	8.2	Yes
Operating System	redhat	enterprise_linux_server_aus	8.4	Yes
Operating System	redhat	enterprise_linux_server_aus	8.6	Yes
Operating System	redhat	enterprise_linux_server_aus	9.2	Yes
Operating System	redhat	enterprise_linux_server_aus	9.4	Yes
Operating System	redhat	enterprise_linux_server_aus	9.6	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.4_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.6_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.8_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.2_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.4_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.6_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_tus	8.4	Yes
Operating System	redhat	enterprise_linux_server_tus	8.6	Yes
Operating System	redhat	enterprise_linux_server_tus	8.8	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	8.4	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	8.6	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	9.0	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	9.2	Yes
Operating System	redhat	enterprise_linux_update_services_for_sap_solutions	9.6	Yes
Operating System	almalinux	almalinux	8.0	Yes
Operating System	almalinux	almalinux	9.0	Yes
Operating System	almalinux	almalinux	10.0	Yes
Operating System	archlinux	arch_linux	-	Yes
Operating System	gentoo	linux	-	Yes
Operating System	nixos	nixos	< 24.11	Yes
Operating System	suse	suse_linux	-	Yes
Operating System	tritondatacenter	smartos	< 20250123	Yes

References

https://access.redhat.com/errata/RHSA-2025:0324 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:0325 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:0637 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:0688 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:0714 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:0774 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:0787 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:0790 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:0849 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:0884 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:0885 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:1120 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:1123 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:1128 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:1225 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:1227 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:1242 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:1451 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2701 Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2024-12085 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2330539 Issue Tracking, Third Party Advisory ([email protected])
https://kb.cert.org/vuls/id/952657 Third Party Advisory ([email protected])
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj Exploit, Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)