A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
History

Wed, 16 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Almalinux
Almalinux almalinux
Archlinux
Archlinux arch Linux
Gentoo
Gentoo linux
Nixos
Nixos nixos
Redhat enterprise Linux Eus
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux Server Tus
Redhat enterprise Linux Update Services For Sap Solutions
Redhat openshift Container Platform
Samba
Samba rsync
Suse
Suse suse Linux
Tritondatacenter
Tritondatacenter smartos
Weaknesses CWE-908
CPEs cpe:2.3:a:redhat:openshift:5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*
cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*
cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*
cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*
cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*
cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*
Vendors & Products Almalinux
Almalinux almalinux
Archlinux
Archlinux arch Linux
Gentoo
Gentoo linux
Nixos
Nixos nixos
Redhat enterprise Linux Eus
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux Server Tus
Redhat enterprise Linux Update Services For Sap Solutions
Redhat openshift Container Platform
Samba
Samba rsync
Suse
Suse suse Linux
Tritondatacenter
Tritondatacenter smartos

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.01184}

epss

{'score': 0.00967}


Thu, 22 May 2025 11:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Thu, 20 Mar 2025 07:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el8
cpe:/a:redhat:openshift:4.13::el9
References

Tue, 04 Mar 2025 03:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 26 Feb 2025 18:15:00 +0000


Wed, 19 Feb 2025 23:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el8
cpe:/a:redhat:openshift:4.14::el9
References

Thu, 13 Feb 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8
References

Thu, 13 Feb 2025 01:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
cpe:/o:redhat:rhel_aus:8.2
cpe:/o:redhat:rhel_aus:8.4
cpe:/o:redhat:rhel_aus:8.6
cpe:/o:redhat:rhel_e4s:8.4
cpe:/o:redhat:rhel_e4s:8.6
cpe:/o:redhat:rhel_eus:8.8
cpe:/o:redhat:rhel_tus:8.4
cpe:/o:redhat:rhel_tus:8.6

Wed, 12 Feb 2025 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:logging:5.8::el9
References

Wed, 12 Feb 2025 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:logging:5 cpe:/a:redhat:logging:5.9::el9
References

Wed, 12 Feb 2025 04:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.15::el8
cpe:/a:redhat:openshift:4.15::el9
References

Wed, 12 Feb 2025 00:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.16::el9
References

Tue, 11 Feb 2025 12:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4 cpe:/a:redhat:openshift:4.17::el9
References

Mon, 03 Feb 2025 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhel_aus:8.2::baseos
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_e4s:8.4::baseos
cpe:/o:redhat:rhel_tus:8.4::baseos
References

Thu, 30 Jan 2025 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:rhel_els:6
References

Thu, 30 Jan 2025 16:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Thu, 30 Jan 2025 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat logging
CPEs cpe:/a:redhat:logging:5
Vendors & Products Redhat logging

Wed, 29 Jan 2025 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Tus
CPEs cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel Tus
References

Wed, 29 Jan 2025 08:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhel_eus:8.8::baseos
References

Tue, 28 Jan 2025 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/o:redhat:rhel_eus:9.2::baseos
References

Tue, 28 Jan 2025 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:rhel_e4s:9.0::baseos
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel E4s
Redhat rhel Els
References

Thu, 23 Jan 2025 06:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products Redhat rhel Eus
References

Wed, 15 Jan 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Jan 2025 07:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 15 Jan 2025 02:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Tue, 14 Jan 2025 22:00:00 +0000

Type Values Removed Values Added
References

Tue, 14 Jan 2025 17:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Title Rsync: info leak via uninitialized stack contents
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-119
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-01-14T17:37:16.036Z

Updated: 2025-05-22T11:20:22.639Z

Reserved: 2024-12-03T08:57:53.329Z

Link: CVE-2024-12085

cve-icon Vulnrichment

Updated: 2025-01-15T15:01:53.408Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-14T18:15:25.123

Modified: 2025-07-16T16:04:48.867

Link: CVE-2024-12085

cve-icon Redhat

Severity : Important

Publid Date: 2025-01-14T15:06:00Z

Links: CVE-2024-12085 - Bugzilla