CVE-2024-12085
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 <= 3.3.0 | affected | ||
| Red Hat | Red Hat Enterprise Linux 10 | 0:3.4.1-2.el10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | 0:3.0.6-12.el6_10.1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 0:3.1.2-12.el7_9.1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:3.1.3-20.el8_10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 0:3.1.3-7.el8_2.3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:3.1.3-12.el8_4.3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | 0:3.1.3-12.el8_4.3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | 0:3.1.3-12.el8_4.3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:3.1.3-14.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 0:3.1.3-14.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 0:3.1.3-14.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 0:3.1.3-20.el8_8.1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:3.2.3-20.el9_5.1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:3.2.3-20.el9_5.1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:3.2.3-9.el9_0.3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 0:3.2.3-19.el9_2.1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:3.2.3-19.el9_4.1 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 412.86.202502100314-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 413.92.202503112237-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 414.92.202502111902-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 415.92.202501281917-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 417.94.202502051822-0 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v5.8.17-22 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v5.8.17-10 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v6.8.1-454 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v5.8.17-17 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v1.0.0-537 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v5.8.17-4 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v0.4.0-339 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v5.8.17-4 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v1.1.0-320 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v5.8.1-552 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v3.3.2-9 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v5.8.17-5 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v5.8.17-12 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v5.8.17-5 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v0.1.0-725 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v0.1.0-342 < * | unaffected |
| Red Hat | RHOL-5.8-RHEL-9 | v0.28.1-88 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v5.9.11-25 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v5.9.11-11 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v0.4.0-340 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v5.9.11-5 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v1.1.0-321 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v3.3.2-8 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v5.9.11-6 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v5.9.11-9 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v5.9.11-4 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v0.1.0-724 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v0.1.0-341 < * | unaffected |
| Red Hat | RHOL-5.9-RHEL-9 | v0.34.1-30 < * | unaffected |
| Red Hat | OpenShift Compliance Operator 1 | 1.8.0 < * | unaffected |
Weaknesses
- CWE-908: Use of Uninitialized Resource
Workarounds
Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the sum2 buffer, a potential mitigation involves compiling rsync with the -ftrivial-auto-var-init=zero option set. This mitigates the issue because it initializes the sum2 variable's memory with zeroes to prevent uninitialized memory disclosure.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
Additional References
CVE Program Container
Additional References
- https://security.netapp.com/advisory/ntap-20250131-0002/
- https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
- https://www.kb.cert.org/vuls/id/952657
References
- https://access.redhat.com/errata/RHBA-2025:6470
- https://access.redhat.com/errata/RHSA-2025:0324
- https://access.redhat.com/errata/RHSA-2025:0325
- https://access.redhat.com/errata/RHSA-2025:0637
- https://access.redhat.com/errata/RHSA-2025:0688
- https://access.redhat.com/errata/RHSA-2025:0714
- https://access.redhat.com/errata/RHSA-2025:0774
- https://access.redhat.com/errata/RHSA-2025:0787
- https://access.redhat.com/errata/RHSA-2025:0790
- https://access.redhat.com/errata/RHSA-2025:0849
- https://access.redhat.com/errata/RHSA-2025:0884
- https://access.redhat.com/errata/RHSA-2025:0885
- https://access.redhat.com/errata/RHSA-2025:1120
- https://access.redhat.com/errata/RHSA-2025:1123
- https://access.redhat.com/errata/RHSA-2025:1128
- https://access.redhat.com/errata/RHSA-2025:1225
- https://access.redhat.com/errata/RHSA-2025:1227
- https://access.redhat.com/errata/RHSA-2025:1242
- https://access.redhat.com/errata/RHSA-2025:1451
- https://access.redhat.com/errata/RHSA-2025:21885
- https://access.redhat.com/errata/RHSA-2025:2701
- https://access.redhat.com/security/cve/CVE-2024-12085
- https://bugzilla.redhat.com/show_bug.cgi?id=2330539
- https://kb.cert.org/vuls/id/952657
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.