7.5

CVE-2024-12085

Exploit

EPSS 9.67%
Published 14.01.2025 18:15:25
Last modified 12.08.2025 21:15:27
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Affected products Warnungen 0 Metrics 2 CWE 1 References 26

Data is provided by the National Vulnerability Database (NVD)

Samba ≫ Rsync Version < 3.3.0

Redhat ≫ Openshift Version5.0

Redhat ≫ Openshift Container Platform Version4.12

Redhat ≫ Openshift Container Platform Version4.13

Redhat ≫ Openshift Container Platform Version4.14

Redhat ≫ Openshift Container Platform Version4.15

Redhat ≫ Openshift Container Platform Version4.16

Redhat ≫ Openshift Container Platform Version4.17

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Eus Version8.8

Redhat ≫ Enterprise Linux Eus Version9.2

Redhat ≫ Enterprise Linux Eus Version9.4

Redhat ≫ Enterprise Linux Eus Version9.6

Redhat ≫ Enterprise Linux For Arm 64 Version8.0_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Version9.0_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Version9.2_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.8_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Eus Version9.4_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Eus Version9.6_aarch64

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.2_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.4_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.6_s390x

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Version8.8_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Version9.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Version9.2_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.4_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.6_ppc64le

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server Aus Version9.2

Redhat ≫ Enterprise Linux Server Aus Version9.4

Redhat ≫ Enterprise Linux Server Aus Version9.6

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.4_ppc64le

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.6_ppc64le

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.8_ppc64le

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.0_ppc64le

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.2_ppc64le

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.4_ppc64le

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.6_ppc64le

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.6

Redhat ≫ Enterprise Linux Server Tus Version8.8

Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.6

Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version9.0

Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version9.2

Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version9.6

Almalinux ≫ Almalinux Version8.0 Update-

Almalinux ≫ Almalinux Version9.0 Update-

Almalinux ≫ Almalinux Version10.0 Update-

Archlinux ≫ Arch Linux Version-

Gentoo ≫ Linux Version-

Nixos ≫ Nixos Version < 24.11

Suse ≫ Suse Linux Version-

Tritondatacenter ≫ Smartos Version < 20250123

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	9.67%	0.926

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://access.redhat.com/errata/RHSA-2025:0324

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:0325

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:0637

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:0688

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:0714

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:0774

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:0787

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:0790

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:0849

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:0884

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:0885

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:1120

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:1123

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:1128

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:1225

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:1227

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:1242

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:1451

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2024-12085

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2330539

Third Party Advisory

Issue Tracking

https://kb.cert.org/vuls/id/952657

Third Party Advisory

https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj

Third Party Advisory

Exploit

https://access.redhat.com/errata/RHSA-2025:2701

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-12085

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12085

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12085

EUVD