CVE-2024-12085

Public Exploit
Rsync: info leak via uninitialized stack contents

Description

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Remediation

Workaround:

  • Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable's memory with zeroes to prevent uninitialized memory disclosure.

Category

7.5
CVSS
Severity: High
CVSS 3.1 •
EPSS 1.43% Top 25%
Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com
Affected: Red Hat Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
Affected: Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support
Affected: Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Affected: Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Affected: Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Affected: Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Affected: Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Affected: Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Affected: Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Affected: Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support
Affected: Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support
Affected: Red Hat Red Hat OpenShift Container Platform 4.12
Affected: Red Hat Red Hat OpenShift Container Platform 4.13
Affected: Red Hat Red Hat OpenShift Container Platform 4.14
Affected: Red Hat Red Hat OpenShift Container Platform 4.15
Affected: Red Hat Red Hat OpenShift Container Platform 4.16
Affected: Red Hat Red Hat OpenShift Container Platform 4.16
Affected: Red Hat Red Hat OpenShift Container Platform 4.16
Affected: Red Hat Red Hat OpenShift Container Platform 4.17
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.8-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat RHOL-5.9-RHEL-9
Affected: Red Hat Red Hat Enterprise Linux 10
Published at:
Updated at:

References

Link Tags
https://access.redhat.com/errata/RHSA-2025:0324 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0325 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0637 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0688 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0714 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0774 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0787 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0790 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0849 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0884 vendor advisory
https://access.redhat.com/errata/RHSA-2025:0885 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1120 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1123 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1128 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1225 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1227 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1242 vendor advisory
https://access.redhat.com/errata/RHSA-2025:1451 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2701 vendor advisory
https://access.redhat.com/security/cve/CVE-2024-12085 vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2330539 issue tracking
https://kb.cert.org/vuls/id/952657
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj

Frequently Asked Questions

What is the severity of CVE-2024-12085?
CVE-2024-12085 has been scored as a high severity vulnerability.
How to fix CVE-2024-12085?
As a workaround for remediating CVE-2024-12085: Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable's memory with zeroes to prevent uninitialized memory disclosure.
Is CVE-2024-12085 being actively exploited in the wild?
It is possible that CVE-2024-12085 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-12085?
CVE-2024-12085 affects Red Hat Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION, Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support, Red Hat Red Hat OpenShift Container Platform 4.12, Red Hat Red Hat OpenShift Container Platform 4.13, Red Hat Red Hat OpenShift Container Platform 4.14, Red Hat Red Hat OpenShift Container Platform 4.15, Red Hat Red Hat OpenShift Container Platform 4.16, Red Hat Red Hat OpenShift Container Platform 4.16, Red Hat Red Hat OpenShift Container Platform 4.16, Red Hat Red Hat OpenShift Container Platform 4.17, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat RHOL-5.9-RHEL-9, Red Hat Red Hat Enterprise Linux 10.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.