CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:0324
https://access.redhat.com/errata/RHSA-2025:0325
https://access.redhat.com/errata/RHSA-2025:0637
https://access.redhat.com/errata/RHSA-2025:0688
https://access.redhat.com/errata/RHSA-2025:0714
https://access.redhat.com/errata/RHSA-2025:0774
https://access.redhat.com/errata/RHSA-2025:0787
https://access.redhat.com/errata/RHSA-2025:0790
https://access.redhat.com/errata/RHSA-2025:0849
https://access.redhat.com/errata/RHSA-2025:0884
https://access.redhat.com/errata/RHSA-2025:0885
https://access.redhat.com/errata/RHSA-2025:1120
https://access.redhat.com/errata/RHSA-2025:1123
https://access.redhat.com/errata/RHSA-2025:1128
https://access.redhat.com/errata/RHSA-2025:1225
https://access.redhat.com/errata/RHSA-2025:1227
https://access.redhat.com/errata/RHSA-2025:1242
https://access.redhat.com/errata/RHSA-2025:1451
https://access.redhat.com/errata/RHSA-2025:2701
https://access.redhat.com/security/cve/CVE-2024-12085
https://bugzilla.redhat.com/show_bug.cgi?id=2330539
https://kb.cert.org/vuls/id/952657
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj

Configurations

No configuration.

History

20 Mar 2025, 07:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:2701 -

26 Feb 2025, 15:15

Type	Values Removed	Values Added
References		() https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj -

20 Feb 2025, 00:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:1451 -

13 Feb 2025, 03:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:1242 -

12 Feb 2025, 18:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:1225 -

12 Feb 2025, 17:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:1227 -

12 Feb 2025, 04:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:1128 -

12 Feb 2025, 01:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:1123 -

11 Feb 2025, 12:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:1120 -

03 Feb 2025, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:0884 - () https://access.redhat.com/errata/RHSA-2025:0885 -

30 Jan 2025, 22:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:0849 -

30 Jan 2025, 17:15

Type	Values Removed	Values Added
Summary	(en) A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.	(en) A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

29 Jan 2025, 11:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:0790 -

29 Jan 2025, 08:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:0787 -

28 Jan 2025, 19:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:0774 -

28 Jan 2025, 08:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:0688 - () https://access.redhat.com/errata/RHSA-2025:0714 -

23 Jan 2025, 06:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:0637 -
Summary		(es) Se encontró un fallo en rsync daemon que podría activarse cuando rsync compara sumas de comprobación de archivos. Este fallo permite a un atacante manipular la longitud de la suma de comprobación (s2length) para provocar una comparación entre una suma de comprobación y una memoria no inicializada y filtrar un byte de datos de pila no inicializados a la vez.

15 Jan 2025, 07:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:0324 - () https://access.redhat.com/errata/RHSA-2025:0325 -

14 Jan 2025, 22:15

Type	Values Removed	Values Added
References		() https://kb.cert.org/vuls/id/952657 -

14 Jan 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-14 18:15

Updated : 2025-03-20 07:15

NVD link : CVE-2024-12085

Mitre link : CVE-2024-12085

CVE.ORG link : CVE-2024-12085

JSON object : View

Products Affected

No product.

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.5 /10