PT-2024-10125 · Rsync+10

Jspelman-Google +2 · Published 2024-11-14 · Updated 2025-11-20 · CVE-2024-12085

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

The rsync daemon is affected by a flaw in the code that compares file checksums. An attacker can manipulate the checksum length so that a checksum is compared against uninitialized memory, which leaks uninitialized stack data one byte at a time. An exploit for this issue could potentially allow an attacker to leak sensitive data from the stack. The flaw is described as a buffer overflow in memory caused by incorrect comparison of file checksums; a remote attacker can exploit it to bypass the ASLR protection mechanism and gain unauthorized access to protected information. More information about the issue can be found at https://access.redhat.com/security/cve/cve-2024-12085.

Exploit

Fix

Buffer Overflow

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

ALSA-2025:0324
ALSA-2025:0325
ALT-PU-2025-1240
ALT-PU-2025-1316
ALT-PU-2025-1318
ALT-PU-2025-1320
ALT-PU-2025-1322
AZL-55649
AZL-55664
BDU:2025-00376
CESA-2025_0325
CVE-2024-12085
DLA-4015-1
DLA-4015-2
DSA-5843-1
DSA-5843-2
GHSA-P5PG-X43V-MVQJ
INFSA-2025_0324
INFSA-2025_0325
MGASA-2025-0019
OESA-2025-1060
OESA-2025-1061
OESA-2025-1062
OESA-2025-1063
OESA-2025-1064
OPENSUSE-SU-2025:14665-1
OPENSUSE-SU-2025_0118-1
OPENSUSE-SU-2025_0118-2
OPENSUSE-SU-2025_0122-1
OPENSUSE-SU-2025_0122-2
OPENSUSE-SU-2025_0156-1
OPENSUSE-SU-2025_0165-1
RHSA-2025:0324
RHSA-2025:0325
RHSA-2025:0637
RHSA-2025:0688
RHSA-2025:0714
RHSA-2025:0774
RHSA-2025:0787
RHSA-2025:0790
RHSA-2025:0849
RHSA-2025:0884
RHSA-2025:0885
RHSA-2025_0324
RHSA-2025_0325
RLSA-2025:0324
RLSA-2025:0325
ROSA-SA-2025-2757
SUSE-SU-2025:0156-1
SUSE-SU-2025:0157-1
SUSE-SU-2025:0165-1
SUSE-SU-2025:0166-1
SUSE-SU-2025:20122-1
SUSE-SU-2025:20223-1
SUSE-SU-2025_0120-1
SUSE-SU-2025_0120-2
SUSE-SU-2025_0121-1
SUSE-SU-2025_0121-2
SUSE-SU-2025_0122-1
SUSE-SU-2025_0122-2
SUSE-SU-2025_0157-1
SUSE-SU-2025_0165-1
SUSE-SU-2025_0166-1
SUSE-SU-2026:2038-1
SUSE-SU-2026:2048-1
SUSE-SU-2026:2083-1
SUSE-SU-2026:21726-1
USN-7206-1
USN-7206-2
USN-7206-3
USN-7206-4

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
Rsync