CVE-2024-12085

Name
CVE-2024-12085
Description
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2024-12085
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2330539
secalert@redhat.com https://kb.cert.org/vuls/id/952657
vendor-advisory https://access.redhat.com/errata/RHSA-2025:0324
vendor-advisory https://access.redhat.com/errata/RHSA-2025:0325
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:0637
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:0688
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:0714
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:0774
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:0787
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:0790
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:0849
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:0884
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:0885
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1120
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1123
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1128
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1227
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1225
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1242
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:1451
134c704f-9b21-4f2e-91b3-4a467353bcc0 https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2701

Match rules

CPE URI Source package Min version Max version
cpe:/o:redhat:enterprise_linux:8::baseos shopxo >= 0:3.1.3-20.el8_10 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:3.2.3-20.el9_5.1 < *
cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:* rsync >= None < 3.3.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
rsync edge-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.21-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.20-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.19-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.18-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed