CVE-2024-12085

Summary

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Affected Software

VendorProductVersion RangeStatus
0 <= 3.3.0affected
Red HatRed Hat Enterprise Linux 100:3.4.1-2.el10 < *unaffected
Red HatRed Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION0:3.0.6-12.el6_10.1 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:3.1.2-12.el7_9.1 < *unaffected
Red HatRed Hat Enterprise Linux 80:3.1.3-20.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support0:3.1.3-7.el8_2.3 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:3.1.3-12.el8_4.3 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Telecommunications Update Service0:3.1.3-12.el8_4.3 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Update Services for SAP Solutions0:3.1.3-12.el8_4.3 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:3.1.3-14.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service0:3.1.3-14.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions0:3.1.3-14.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support0:3.1.3-20.el8_8.1 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.2.3-20.el9_5.1 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.2.3-20.el9_5.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:3.2.3-9.el9_0.3 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:3.2.3-19.el9_2.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:3.2.3-19.el9_4.1 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.12412.86.202502100314-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.13413.92.202503112237-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.14414.92.202502111902-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15415.92.202501281917-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17417.94.202502051822-0 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.17-22 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.17-10 < *unaffected
Red HatRHOL-5.8-RHEL-9v6.8.1-454 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.17-17 < *unaffected
Red HatRHOL-5.8-RHEL-9v1.0.0-537 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.17-4 < *unaffected
Red HatRHOL-5.8-RHEL-9v0.4.0-339 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.17-4 < *unaffected
Red HatRHOL-5.8-RHEL-9v1.1.0-320 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.1-552 < *unaffected
Red HatRHOL-5.8-RHEL-9v3.3.2-9 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.17-5 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.17-12 < *unaffected
Red HatRHOL-5.8-RHEL-9v5.8.17-5 < *unaffected
Red HatRHOL-5.8-RHEL-9v0.1.0-725 < *unaffected
Red HatRHOL-5.8-RHEL-9v0.1.0-342 < *unaffected
Red HatRHOL-5.8-RHEL-9v0.28.1-88 < *unaffected
Red HatRHOL-5.9-RHEL-9v5.9.11-25 < *unaffected
Red HatRHOL-5.9-RHEL-9v5.9.11-11 < *unaffected
Red HatRHOL-5.9-RHEL-9v0.4.0-340 < *unaffected
Red HatRHOL-5.9-RHEL-9v5.9.11-5 < *unaffected
Red HatRHOL-5.9-RHEL-9v1.1.0-321 < *unaffected
Red HatRHOL-5.9-RHEL-9v3.3.2-8 < *unaffected
Red HatRHOL-5.9-RHEL-9v5.9.11-6 < *unaffected
Red HatRHOL-5.9-RHEL-9v5.9.11-9 < *unaffected
Red HatRHOL-5.9-RHEL-9v5.9.11-4 < *unaffected
Red HatRHOL-5.9-RHEL-9v0.1.0-724 < *unaffected
Red HatRHOL-5.9-RHEL-9v0.1.0-341 < *unaffected
Red HatRHOL-5.9-RHEL-9v0.34.1-30 < *unaffected
Red HatOpenShift Compliance Operator 11.8.0 < *unaffected

Weaknesses

  • CWE-908: Use of Uninitialized Resource

Workarounds

Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the sum2 buffer, a potential mitigation involves compiling rsync with the -ftrivial-auto-var-init=zero option set. This mitigates the issue because it initializes the sum2 variable's memory with zeroes to prevent uninitialized memory disclosure.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

CVE Program Container

Additional References

References