CVEFinder.io

CVE-2024-12085

⚠ī¸ high
🔍 Scan for this CVE
Summary

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVSS Score
7.5
High
EPSS Score
9.4
Exploit Probability
Published Date
2025-01-14
First Seen: 2026-01-04
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 330,193 vulnerabilities in our database.

#102,656
Above average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Feb 27, 2025
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙ī¸ Automatable
YES
Can be exploited automatically
đŸ’Ĩ Technical Impact
Partial
Limited system impact
🏆 Discovered By
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
SSVC data provided by CISA
Last Modified 2026-06-25
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE IDs (Weakness Types)
CWE-908

đŸ“Ļ Affected Products 63

Vendor Product Status Affected Versions
gentoo linux Affected
v-
suse suse_linux Affected
v-
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
redhat openshift Affected
v5.0
redhat enterprise_linux_server Affected
v6.0
redhat enterprise_linux_server Affected
v7.0
samba rsync Affected
< 3.3.0
redhat enterprise_linux_for_power_little_endian Affected
v8.0_ppc64le
redhat enterprise_linux_for_power_little_endian Affected
v8.8_ppc64le
redhat enterprise_linux_for_power_little_endian Affected
v9.0_ppc64le
redhat enterprise_linux_for_power_little_endian Affected
v9.2_ppc64le
redhat enterprise_linux_for_ibm_z_systems Affected
v8.0_s390x
redhat enterprise_linux_for_ibm_z_systems Affected
v9.0_s390x
redhat enterprise_linux_for_ibm_z_systems Affected
v9.2_s390x
redhat enterprise_linux_for_power_little_endian_eus Affected
v9.4_ppc64le
redhat enterprise_linux_for_power_little_endian_eus Affected
v9.6_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus Affected
v8.8_s390x
redhat enterprise_linux_for_ibm_z_systems_eus Affected
v9.4_s390x
redhat enterprise_linux_for_ibm_z_systems_eus Affected
v9.6_s390x
redhat enterprise_linux_server_tus Affected
v8.4
redhat enterprise_linux_server_tus Affected
v8.6
redhat enterprise_linux_server_tus Affected
v8.8
redhat enterprise_linux_eus Affected
v8.8
redhat enterprise_linux_eus Affected
v9.2
redhat enterprise_linux_eus Affected
v9.4
redhat enterprise_linux_eus Affected
v9.6
redhat enterprise_linux_server_aus Affected
v8.2
redhat enterprise_linux_server_aus Affected
v8.4
redhat enterprise_linux_server_aus Affected
v8.6
redhat enterprise_linux_server_aus Affected
v9.2
redhat enterprise_linux_server_aus Affected
v9.4
redhat enterprise_linux_server_aus Affected
v9.6
redhat openshift_container_platform Affected
v4.12
redhat openshift_container_platform Affected
v4.13
redhat openshift_container_platform Affected
v4.14
redhat openshift_container_platform Affected
v4.15
redhat openshift_container_platform Affected
v4.16
redhat openshift_container_platform Affected
v4.17
archlinux arch_linux Affected
v-
nixos nixos Affected
< 24.11
redhat enterprise_linux_update_services_for_sap_solutions Affected
v8.4
redhat enterprise_linux_update_services_for_sap_solutions Affected
v8.6
redhat enterprise_linux_update_services_for_sap_solutions Affected
v9.0
redhat enterprise_linux_update_services_for_sap_solutions Affected
v9.2
redhat enterprise_linux_update_services_for_sap_solutions Affected
v9.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions Affected
v8.4_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions Affected
v8.6_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions Affected
v8.8_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions Affected
v9.0_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions Affected
v9.2_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions Affected
v9.4_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions Affected
v9.6_ppc64le
almalinux almalinux Affected
v10.0
almalinux almalinux Affected
v8.0
almalinux almalinux Affected
v9.0
redhat enterprise_linux_for_arm_64 Affected
v8.0_aarch64
redhat enterprise_linux_for_arm_64 Affected
v9.0_aarch64
redhat enterprise_linux_for_arm_64 Affected
v9.2_aarch64
redhat enterprise_linux_for_arm_64_eus Affected
v8.8_aarch64
redhat enterprise_linux_for_arm_64_eus Affected
v9.4_aarch64
redhat enterprise_linux_for_arm_64_eus Affected
v9.6_aarch64
tritondatacenter smartos Affected
< 20250123

🔗 References 28

https://access.redhat.com/errata/RHBA-2025:6470
https://access.redhat.com/errata/RHSA-2025:0324
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0325
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0637
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0688
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0714
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0774
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0787
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0790
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0849
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0884
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0885
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1120
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1123
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1128
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1225
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1227
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1242
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1451
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:21885
https://access.redhat.com/errata/RHSA-2025:2701
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-12085
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2330539
Issue Tracking Third Party Advisory
https://kb.cert.org/vuls/id/952657
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/01...
https://security.netapp.com/advisory/ntap-20250131-0...
https://www.kb.cert.org/vuls/id/952657
https://github.com/google/security-research/security...
Exploit Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-55653 đŸ”ļ medium 4.3 0.2 A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group ... 2026-06-23
CVE-2026-55654 ℹī¸ low 3.7 0.3 A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic... 2026-06-23
CVE-2026-55655 đŸ”ļ medium 5.0 0.1 A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding ... 2026-06-23
CVE-2026-11791 đŸ”ļ medium 5.0 0.3 A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees... 2026-06-18
CVE-2026-1764 đŸ”ļ medium 5.6 0.2 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially craf... 2026-06-16
CVE-2026-1766 đŸ”ļ medium 5.6 0.2 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracke... 2026-06-16
These CVEs affect the same products