CVE-2024-12084
- EPSS 3.76%
- Published 15.01.2025 15:15:10
- Last modified 08.07.2025 04:15:35
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write...
CVE-2024-12085
- EPSS 9.67%
- Published 14.01.2025 18:15:25
- Last modified 12.08.2025 21:15:27
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of un...
CVE-2024-12087
- EPSS 0.92%
- Published 14.01.2025 18:15:25
- Last modified 12.08.2025 21:15:27
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using...
CVE-2024-12088
- EPSS 0.72%
- Published 14.01.2025 18:15:25
- Last modified 12.08.2025 21:15:28
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, w...