CVE-2024-12085
Rsync: info leak via uninitialized stack contents
CVSS Score
7.5
EPSS Score
19.1%
EPSS Percentile
95th
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
| CWE | CWE-908 |
| Published | Jan 14, 2025 |
| Last Updated | Apr 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new high vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
All versions affected Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.12
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.13
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.14
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.15
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.8-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / RHOL-5.9-RHEL-9
All versions affected Red Hat / Compliance Operator 1
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHBA-2025:6470 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0324 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0325 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0637 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0688 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0714 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0774 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0787 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0790 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0849 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0884 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0885 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1120 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1123 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1128 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1225 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1227 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1242 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1451 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21885 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:2701 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-12085 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2330539 kb.cert.org: https://kb.cert.org/vuls/id/952657 github.com: https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj security.netapp.com: https://security.netapp.com/advisory/ntap-20250131-0002/ lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html kb.cert.org: https://www.kb.cert.org/vuls/id/952657
Credits
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.