Vulnerability Details : CVE-2024-12085
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Exploit prediction scoring system (EPSS) score for CVE-2024-12085
- 0.97%: Probability of exploitation activity in the next 30 days
- ~ 76%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-12085
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | N/A | N/A | Red Hat, Inc. | 2025-01-14 |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | Red Hat, Inc. | 2025-01-14 |
CWE ids for CVE-2024-12085
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by:
  - 53f830b8-0a3f-465b-8143-3b8a9948e749 (Primary)
  - secalert@redhat.com (Secondary)
References for CVE-2024-12085
- https://access.redhat.com/errata/RHSA-2025:1120
  RHSA-2025:1120 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:1225
  RHSA-2025:1225 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:1451
  RHSA-2025:1451 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:0324
  RHSA-2025:0324 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:0325
  RHSA-2025:0325 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:1123
  RHSA-2025:1123 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:2701
- https://access.redhat.com/errata/RHSA-2025:1128
  RHSA-2025:1128 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:0688
  RHSA-2025:0688 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:1242
  RHSA-2025:1242 - Security Advisory - Red Hat Customer Portal
- https://bugzilla.redhat.com/show_bug.cgi?id=2330539
  2330539 – (CVE-2024-12085) CVE-2024-12085 rsync: Info Leak via Uninitialized Stack Contents
- https://access.redhat.com/errata/RHSA-2025:0849
  RHSA-2025:0849 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:0637
  RHSA-2025:0637 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:0787
  RHSA-2025:0787 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:0885
  RHSA-2025:0885 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/security/cve/CVE-2024-12085
  CVE-2024-12085 - Red Hat Customer Portal
- https://kb.cert.org/vuls/id/952657
- https://access.redhat.com/errata/RHSA-2025:0714
  RHSA-2025:0714 - Security Advisory - Red Hat Customer Portal
- https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
  RSync: Heap Buffer Overflow, Info Leak, Server Leaks, Path Traversal and Safe links Bypass · Advisory · google/security-research · GitHub
- https://access.redhat.com/errata/RHSA-2025:0790
  RHSA-2025:0790 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:0884
  RHSA-2025:0884 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2025:0774
- https://access.redhat.com/errata/RHSA-2025:1227
  RHSA-2025:1227 - Security Advisory - Red Hat Customer Portal