CVE-2024-12084
- EPSS 3.76%
- Veröffentlicht 15.01.2025 15:15:10
- Zuletzt bearbeitet 08.07.2025 04:15:35
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write...
CVE-2024-12085
- EPSS 9.67%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 12.08.2025 21:15:27
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of un...
CVE-2024-12087
- EPSS 0.92%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 12.08.2025 21:15:27
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using...
CVE-2024-12088
- EPSS 0.72%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 12.08.2025 21:15:28
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, w...
CVE-2017-7412
- EPSS 0.05%
- Veröffentlicht 04.04.2017 00:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.