CVE-2024-12085
high-risk
Published 2025-01-14
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Do I need to act?
19.1% chance of exploitation in next 30 days (EPSS score, higher than 81% of all CVEs)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 (High), NETWORK / LOW complexity
Affected Products (20)
Rsync
References (27)
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:0324
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:0325
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:0637
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:0688
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:0714
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:0774
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:0787
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:0790
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:0849
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:0884
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:0885
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:1120
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:1123
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:1128
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:1225
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:1227
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:1242
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:1451
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:2701
and 7 more references
67 / 100 (high-risk)
Severity: 26/34 · High
Exploitability: 14/34 · Moderate
Exposure: 27/34 · High