Unrated severityNVD Advisory· Published Jan 15, 2025· Updated Feb 26, 2026

Rsync: heap buffer overflow in rsync due to improper checksum length handling

CVE-2024-12084

Description

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

Affected products

WayneD/Rsyncinferred

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHBA-2025:6470mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2024-12084mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
kb.cert.org/vuls/id/952657mitre

News mentions

GitLab Patch Release: 18.1.2, 18.0.4, 17.11.6
GitLab Security Releases · Jul 9, 2025

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000