VYPR
Get started
← All advisories
High severity7.5NVD Advisory· Published Jan 14, 2025· Updated Apr 14, 2026

CVE-2024-12085

CVE-2024-12085

Description

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Affected products

63
  • Red Hat/Openshift
    cpe:2.3:a:redhat:openshift:5.0:*:*:*:*:*:*:*
  • Red Hat/Openshift Container Platform6 versions
    cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
  • Samba (software)/Rsync
    cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*
    Range: <3.3.0
  • Almalinux/Almalinux3 versions
    cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*
    • cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*
    • cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*
  • Archlinux/Arch Linux
    cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*
  • Gentoo/Linux
    cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*
  • Nixos/Nixos
    cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*
    Range: <24.11
  • Red Hat/Enterprise Linux2 versions
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Eus4 versions
    cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Arm 643 versions
    cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Arm 64 Eus3 versions
    cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Ibm Z Systems3 versions
    cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Ibm Z Systems Eus3 versions
    cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Power Little Endian4 versions
    cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.8_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Power Little Endian Eus2 versions
    cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server2 versions
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Aus6 versions
    cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions7 versions
    cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Tus3 versions
    cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Update Services For Sap Solutions5 versions
    cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*
  • SUSE S.A./Linux
    cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*
  • Tritondatacenter/Smartos
    cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*
    Range: <20250123

Patches

1
6c8ca91c731b
https://git.samba.org/rsync.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

28

News mentions

0

No linked articles in our index yet.