CVE-2024-12085 - Vulnerability Details

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Logging Openshift Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
rsync-0:3.0.6-12.el6_10.1	cpe:/o:redhat:rhel_els:6	RHSA-2025:0849	2025-01-30T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
rsync-0:3.1.2-12.el7_9.1	cpe:/o:redhat:rhel_els:7	RHSA-2025:0714	2025-01-27T00:00:00Z
Red Hat Enterprise Linux 8
rsync-0:3.1.3-20.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:0325	2025-01-15T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
rsync-0:3.1.3-7.el8_2.3	cpe:/o:redhat:rhel_aus:8.2	RHSA-2025:0884	2025-02-03T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
rsync-0:3.1.3-12.el8_4.3	cpe:/o:redhat:rhel_aus:8.4	RHSA-2025:0885	2025-02-03T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
rsync-0:3.1.3-12.el8_4.3	cpe:/o:redhat:rhel_tus:8.4	RHSA-2025:0885	2025-02-03T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
rsync-0:3.1.3-12.el8_4.3	cpe:/o:redhat:rhel_e4s:8.4	RHSA-2025:0885	2025-02-03T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
rsync-0:3.1.3-14.el8_6.6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2025:0790	2025-01-29T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
rsync-0:3.1.3-14.el8_6.6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2025:0790	2025-01-29T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
rsync-0:3.1.3-14.el8_6.6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2025:0790	2025-01-29T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
rsync-0:3.1.3-20.el8_8.1	cpe:/o:redhat:rhel_eus:8.8	RHSA-2025:0787	2025-01-29T00:00:00Z
Red Hat Enterprise Linux 9
rsync-0:3.2.3-20.el9_5.1	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:0324	2025-01-15T00:00:00Z
rsync-0:3.2.3-20.el9_5.1	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:0324	2025-01-15T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
rsync-0:3.2.3-9.el9_0.3	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:0688	2025-01-27T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
rsync-0:3.2.3-19.el9_2.1	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:0774	2025-01-28T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
rsync-0:3.2.3-19.el9_4.1	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:0637	2025-01-22T00:00:00Z
Red Hat OpenShift Container Platform 4.12
rhcos-412.86.202502100314-0	cpe:/a:redhat:openshift:4.12::el8	RHSA-2025:1242	2025-02-13T00:00:00Z
Red Hat OpenShift Container Platform 4.14
rhcos-414.92.202502111902-0	cpe:/a:redhat:openshift:4.14::el9	RHSA-2025:1451	2025-02-19T00:00:00Z
Red Hat OpenShift Container Platform 4.15
rhcos-415.92.202501281917-0	cpe:/a:redhat:openshift:4.15::el9	RHSA-2025:1128	2025-02-12T00:00:00Z
Red Hat OpenShift Container Platform 4.16
openshift4/ose-ansible-rhel9-operator:v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9	cpe:/a:redhat:openshift:4.16::el9	RHSA-2025:1123	2025-02-12T00:00:00Z
openshift4/ose-helm-rhel9-operator:v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9	cpe:/a:redhat:openshift:4.16::el9	RHSA-2025:1123	2025-02-12T00:00:00Z
openshift4/ose-operator-sdk-rhel9:v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9	cpe:/a:redhat:openshift:4.16::el9	RHSA-2025:1123	2025-02-12T00:00:00Z
Red Hat OpenShift Container Platform 4.17
rhcos-417.94.202502051822-0	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:1120	2025-02-11T00:00:00Z
RHOL-5.8-RHEL-9
openshift-logging/cluster-logging-operator-bundle:v5.8.17-22	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/cluster-logging-rhel9-operator:v5.8.17-10	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/elasticsearch6-rhel9:v6.8.1-454	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.8.17-17	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-537	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/elasticsearch-rhel9-operator:v5.8.17-4	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/eventrouter-rhel9:v0.4.0-339	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/fluentd-rhel9:v5.8.17-4	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-320	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/logging-curator5-rhel9:v5.8.1-552	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/logging-loki-rhel9:v3.3.2-9	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/logging-view-plugin-rhel9:v5.8.17-5	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/loki-operator-bundle:v5.8.17-12	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/loki-rhel9-operator:v5.8.17-5	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/lokistack-gateway-rhel9:v0.1.0-725	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/opa-openshift-rhel9:v0.1.0-342	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
openshift-logging/vector-rhel9:v0.28.1-88	cpe:/a:redhat:logging:5.8::el9	RHSA-2025:1225	2025-02-12T00:00:00Z
RHOL-5.9-RHEL-9
openshift-logging/cluster-logging-operator-bundle:v5.9.11-25	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z
openshift-logging/cluster-logging-rhel9-operator:v5.9.11-11	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z
openshift-logging/eventrouter-rhel9:v0.4.0-340	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z
openshift-logging/fluentd-rhel9:v5.9.11-5	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-321	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z
openshift-logging/logging-loki-rhel9:v3.3.2-8	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z
openshift-logging/logging-view-plugin-rhel9:v5.9.11-6	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z
openshift-logging/loki-operator-bundle:v5.9.11-9	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z
openshift-logging/loki-rhel9-operator:v5.9.11-4	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z
openshift-logging/lokistack-gateway-rhel9:v0.1.0-724	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z
openshift-logging/opa-openshift-rhel9:v0.1.0-341	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z
openshift-logging/vector-rhel9:v0.34.1-30	cpe:/a:redhat:logging:5.9::el9	RHSA-2025:1227	2025-02-12T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:0324
https://access.redhat.com/errata/RHSA-2025:0325
https://access.redhat.com/errata/RHSA-2025:0637
https://access.redhat.com/errata/RHSA-2025:0688
https://access.redhat.com/errata/RHSA-2025:0714
https://access.redhat.com/errata/RHSA-2025:0774
https://access.redhat.com/errata/RHSA-2025:0787
https://access.redhat.com/errata/RHSA-2025:0790
https://access.redhat.com/errata/RHSA-2025:0849
https://access.redhat.com/errata/RHSA-2025:0884
https://access.redhat.com/errata/RHSA-2025:0885
https://access.redhat.com/errata/RHSA-2025:1120
https://access.redhat.com/errata/RHSA-2025:1123
https://access.redhat.com/errata/RHSA-2025:1128
https://access.redhat.com/errata/RHSA-2025:1225
https://access.redhat.com/errata/RHSA-2025:1227
https://access.redhat.com/errata/RHSA-2025:1242
https://access.redhat.com/errata/RHSA-2025:1451
https://access.redhat.com/security/cve/CVE-2024-12085
https://bugzilla.redhat.com/show_bug.cgi?id=2330539
https://kb.cert.org/vuls/id/952657
https://nvd.nist.gov/vuln/detail/CVE-2024-12085
https://www.cve.org/CVERecord?id=CVE-2024-12085

History

Wed, 19 Feb 2025 23:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9
References		https://access.redhat.com/errata/RHSA-2025:1451

Thu, 13 Feb 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.12::el8
References		https://access.redhat.com/errata/RHSA-2025:1242

Thu, 13 Feb 2025 01:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 cpe:/o:redhat:rhel_aus:8.2 cpe:/o:redhat:rhel_aus:8.4 cpe:/o:redhat:rhel_aus:8.6 cpe:/o:redhat:rhel_e4s:8.4 cpe:/o:redhat:rhel_e4s:8.6 cpe:/o:redhat:rhel_eus:8.8 cpe:/o:redhat:rhel_tus:8.4 cpe:/o:redhat:rhel_tus:8.6

Wed, 12 Feb 2025 18:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:logging:5.8::el9
References		https://access.redhat.com/errata/RHSA-2025:1225

Wed, 12 Feb 2025 17:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:logging:5~~	cpe:/a:redhat:logging:5.9::el9
References		https://access.redhat.com/errata/RHSA-2025:1227

Wed, 12 Feb 2025 04:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9
References		https://access.redhat.com/errata/RHSA-2025:1128

Wed, 12 Feb 2025 00:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.16::el9
References		https://access.redhat.com/errata/RHSA-2025:1123

Tue, 11 Feb 2025 12:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift:4~~	cpe:/a:redhat:openshift:4.17::el9
References		https://access.redhat.com/errata/RHSA-2025:1120

Mon, 03 Feb 2025 20:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos
References		https://access.redhat.com/errata/RHSA-2025:0884 https://access.redhat.com/errata/RHSA-2025:0885

Thu, 30 Jan 2025 21:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:6~~	cpe:/o:redhat:rhel_els:6
References		https://access.redhat.com/errata/RHSA-2025:0849

Thu, 30 Jan 2025 16:30:00 +0000

Type	Values Removed	Values Added
Description	A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.	A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Thu, 30 Jan 2025 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat logging
CPEs		cpe:/a:redhat:logging:5
Vendors & Products		Redhat logging

Wed, 29 Jan 2025 11:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Tus
CPEs		cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:0790

Wed, 29 Jan 2025 08:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_eus:8.8::baseos
References		https://access.redhat.com/errata/RHSA-2025:0787

Tue, 28 Jan 2025 19:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.2::appstream cpe:/o:redhat:rhel_eus:9.2::baseos
References		https://access.redhat.com/errata/RHSA-2025:0774

Tue, 28 Jan 2025 07:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s Redhat rhel Els
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel E4s Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:0688 https://access.redhat.com/errata/RHSA-2025:0714

Thu, 23 Jan 2025 06:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:0637

Wed, 15 Jan 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 15 Jan 2025 07:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:8::baseos cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2025:0324 https://access.redhat.com/errata/RHSA-2025:0325

Wed, 15 Jan 2025 02:00:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://www.cve.org/CVERecord?id=CVE-2024-12085
Metrics	threat_severity `None`	threat_severity `Important`

Tue, 14 Jan 2025 22:00:00 +0000

Type	Values Removed	Values Added
References		https://kb.cert.org/vuls/id/952657

Tue, 14 Jan 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Title		Rsync: info leak via uninitialized stack contents
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
Weaknesses		CWE-119
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-01-14T17:37:16.036Z

Updated: 2025-02-19T23:26:39.468Z

Reserved: 2024-12-03T08:57:53.329Z

Link: CVE-2024-12085

Vulnrichment

Updated: 2025-01-15T15:01:53.408Z

NVD

Status : Awaiting Analysis

Published: 2025-01-14T18:15:25.123

Modified: 2025-02-20T00:15:19.130

Link: CVE-2024-12085

Redhat

Severity : Important

Publid Date: 2025-01-14T15:06:00Z

Links: CVE-2024-12085 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object