CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:0324	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0325	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0637	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0688	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0714	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0774	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0787	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0790	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0849	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0884	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0885	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1120	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1123	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1128	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1225	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1227	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1242	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1451	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:21885
https://access.redhat.com/errata/RHSA-2025:2701	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-12085	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2330539	Issue Tracking Third Party Advisory
https://kb.cert.org/vuls/id/952657	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
https://security.netapp.com/advisory/ntap-20250131-0002/
https://www.kb.cert.org/vuls/id/952657
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:openshift:5.0:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.15:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.16:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.17:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:almalinux:almalinux:8.0:-::::::
	cpe:2.3:o:almalinux:almalinux:9.0:-::::::
	cpe:2.3:o:almalinux:almalinux:10.0:-::::::

Configuration 4 (hide)

cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-01-14 18:15

Updated : 2025-11-20 21:15

NVD link : CVE-2024-12085

Mitre link : CVE-2024-12085

CVE.ORG link : CVE-2024-12085

JSON object : View

Products Affected

nixos

nixos

gentoo

linux

redhat

enterprise_linux_for_arm_64_eus
enterprise_linux_eus
enterprise_linux_for_arm_64
enterprise_linux_server
enterprise_linux_server_tus
enterprise_linux_update_services_for_sap_solutions
enterprise_linux_for_power_little_endian_eus
enterprise_linux_for_power_little_endian
openshift_container_platform
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_server_aus
enterprise_linux
openshift
enterprise_linux_for_ibm_z_systems
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

archlinux

arch_linux

tritondatacenter

smartos

suse

suse_linux

samba

rsync

almalinux

almalinux

CWE

CWE-908

Use of Uninitialized Resource

7.5 /10