CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-12084

CVSS 9.8v3.1pub. 2025-01-15upd. 2026-06-29

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

🤖 AI Analysis
How it works

The problem stems from improper handling of the attacker-controlled checksum length (s2length parameter) in the rsync daemon code. When the value MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH size of 16 bytes, it is possible to write data beyond the boundaries of the sum2 buffer on the heap. An attacker can craft an appropriate request to the rsync daemon, forcing an out-of-bounds write in the allocated memory area.

Impact

Successful exploitation of the vulnerability may allow an attacker to gain full control over the system, including remote code execution (RCE) or service disruption. Violation of confidentiality, integrity, and availability of data on the server is possible.

Mitigation & patch

Apply patches available from the vendor according to the references. For Red Hat/AlmaLinux systems, errata RHBA-2025:6470 is available. Additional information is provided in the CERT/CC guide (VU#952657). If an update is not immediately possible, it is recommended to restrict access to the rsync daemon at the firewall level to trusted IP addresses only.

Who is affected

Rsync daemon in Samba Rsync, AlmaLinux, Arch Linux, and Gentoo Linux distributions — specific versions indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Almalinux

    OS
    Almalinux
    10.0
  • Archlinux Arch Linux

    OS
    Archlinux
    wszystkie wersje
  • Gentoo Linux

    OS
    Gentoo
    wszystkie wersje
  • Nixos

    OS
    Nixos
    24.11< 24.11
  • Novell SUSE Linux

    OS
    Novell
    wszystkie wersje
  • Red Hat Enterprise Linux

    OS
    Redhat
    10.0
  • Samba Rsync

    APP
    Samba
    3.2.73.3.0
  • Tritondatacenter Smartos

    OS
    Tritondatacenter
    < 20250123
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2014-7169CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...

CVE-2014-6271CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variab...