7.5

CVE-2024-12085

Exploit

Rsync: info leak via uninitialized stack contents

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaRsync Version < 3.3.0
RedhatOpenshift Version5.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Eus Version8.8
RedhatEnterprise Linux Eus Version9.2
RedhatEnterprise Linux Eus Version9.4
RedhatEnterprise Linux Eus Version9.6
RedhatEnterprise Linux For Arm 64 Version8.0_aarch64
RedhatEnterprise Linux For Arm 64 Version9.0_aarch64
RedhatEnterprise Linux For Arm 64 Version9.2_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version8.8_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.4_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.6_aarch64
AlmalinuxAlmalinux Version8.0 Update-
AlmalinuxAlmalinux Version9.0 Update-
AlmalinuxAlmalinux Version10.0 Update-
ArchlinuxArch Linux Version-
GentooLinux Version-
NixosNixos Version < 24.11
SuseSuse Linux Version-
TritondatacenterSmartos Version < 20250123
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.35% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://access.redhat.com/errata/RHSA-2025:0324
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0325
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0637
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0688
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0714
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0774
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0787
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0790
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0849
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0884
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0885
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1120
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1123
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1128
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1225
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1227
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1242
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1451
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-12085
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2330539
Third Party Advisory
Issue Tracking
https://kb.cert.org/vuls/id/952657
Third Party Advisory
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
Third Party Advisory
Exploit
https://access.redhat.com/errata/RHSA-2025:2701
Third Party Advisory
https://access.redhat.com/errata/RHBA-2025:6470
https://security.netapp.com/advisory/ntap-20250131-0002/
https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
https://www.kb.cert.org/vuls/id/952657
https://access.redhat.com/errata/RHSA-2025:21885