CVE-2024-12085 — HIGH (7.5)

Q: How severe is CVE-2024-12085?

CVE-2024-12085 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-12085?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Rsync, Redhat Openshift, Redhat Openshift Container Platform, Redhat Enterprise Linux, Redhat Enterprise Linux Eus.

Vulnerability Description

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Samba	Rsync	< 3.3.0
Redhat	Openshift	5.0
Redhat	Openshift Container Platform	4.12
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Eus	8.8
Redhat	Enterprise Linux For Arm 64	8.0_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	8.8_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.8_s390x
Redhat	Enterprise Linux For Power Little Endian	8.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.4_ppc64le
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.4_ppc64le
Redhat	Enterprise Linux Server Tus	8.4
Redhat	Enterprise Linux Update Services For Sap Solutions	8.4
Almalinux	Almalinux	8.0
Archlinux	Arch Linux	-
Gentoo	Linux	-
Nixos	Nixos	< 24.11

Related Weaknesses (CWE)

CWE-908

References

https://access.redhat.com/errata/RHBA-2025:6470
https://access.redhat.com/errata/RHSA-2025:0324Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0325Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0637Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0688Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0714Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0774Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0787Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0790Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0849Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0884Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:0885Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1120Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1123Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:1128Third Party Advisory

FAQ

What is CVE-2024-12085?

CVE-2024-12085 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksu...

How severe is CVE-2024-12085?

CVE-2024-12085 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-12085?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Rsync, Redhat Openshift, Redhat Openshift Container Platform, Redhat Enterprise Linux, Redhat Enterprise Linux Eus.