CVE-2024-12085

Rsync: info leak via uninitialized stack contents

Description

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

INFO

Published Date :

2025-01-14T17:37:16.036Z

Last Modified :

2026-02-26T19:09:27.571Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2024-12085 vulnerability.

Vendors	Products
Almalinux	Almalinux
Archlinux	Arch Linux
Gentoo	Linux
Nixos	Nixos
Redhat	Enterprise Linux Enterprise Linux Eus Enterprise Linux For Arm 64 Enterprise Linux For Arm 64 Eus Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux Server Tus Enterprise Linux Update Services For Sap Solutions Logging Openshift Openshift Compliance Operator Openshift Container Platform Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus
Samba	Rsync
Suse	Suse Linux
Tritondatacenter	Smartos

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12085.

URL	Resource
https://access.redhat.com/errata/RHSA-2025:0324
https://access.redhat.com/errata/RHSA-2025:0325
https://access.redhat.com/errata/RHSA-2025:0637
https://access.redhat.com/errata/RHSA-2025:0688
https://access.redhat.com/errata/RHSA-2025:0714
https://access.redhat.com/errata/RHSA-2025:0774
https://access.redhat.com/errata/RHSA-2025:0787
https://access.redhat.com/errata/RHSA-2025:0790
https://access.redhat.com/errata/RHSA-2025:0849
https://access.redhat.com/errata/RHSA-2025:0884
https://access.redhat.com/errata/RHSA-2025:0885
https://access.redhat.com/errata/RHSA-2025:1120
https://access.redhat.com/errata/RHSA-2025:1123
https://access.redhat.com/errata/RHSA-2025:1128
https://access.redhat.com/errata/RHSA-2025:1225
https://access.redhat.com/errata/RHSA-2025:1227
https://access.redhat.com/errata/RHSA-2025:1242
https://access.redhat.com/errata/RHSA-2025:1451
https://access.redhat.com/errata/RHSA-2025:21885
https://access.redhat.com/errata/RHSA-2025:2701
https://access.redhat.com/security/cve/CVE-2024-12085
https://bugzilla.redhat.com/show_bug.cgi?id=2330539
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
https://kb.cert.org/vuls/id/952657
https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
https://nvd.nist.gov/vuln/detail/CVE-2024-12085
https://security.netapp.com/advisory/ntap-20250131-0002/
https://www.cve.org/CVERecord?id=CVE-2024-12085
https://www.kb.cert.org/vuls/id/952657

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact