A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Vulnerable products (63)
| Configuration | From (inclusive) | To (exclusive) |
|---|---|---|
| Samba Rsync `cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*` | — | 3.3.0 |
| Redhat Openshift `cpe:2.3:a:redhat:openshift:5.0:*:*:*:*:*:*:*` | — | — |
| Redhat Openshift_Container_Platform `cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*` | — | — |
| Redhat Openshift_Container_Platform `cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*` | — | — |
| Redhat Openshift_Container_Platform `cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*` | — | — |
| Redhat Openshift_Container_Platform `cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*` | — | — |
| Redhat Openshift_Container_Platform `cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*` | — | — |
| Redhat Openshift_Container_Platform `cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux `cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux `cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Eus `cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Eus `cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Eus `cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Eus `cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Arm_64 `cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Arm_64 `cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Arm_64 `cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Arm_64_Eus `cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Arm_64_Eus `cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Arm_64_Eus `cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Ibm_Z_Systems `cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Ibm_Z_Systems `cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Ibm_Z_Systems `cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Ibm_Z_Systems_Eus `cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Ibm_Z_Systems_Eus `cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Ibm_Z_Systems_Eus `cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Power_Little_Endian `cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Power_Little_Endian `cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.8_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Power_Little_Endian `cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Power_Little_Endian `cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Power_Little_Endian_Eus `cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_For_Power_Little_Endian_Eus `cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server `cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server `cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_Aus `cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_Aus `cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_Aus `cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_Aus `cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_Aus `cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_Aus `cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_Tus `cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_Tus `cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Server_Tus `cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*` | — | — |
| Redhat Enterprise_Linux_Update_Services_For_Sap_Solutions `cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*` | — | — |
| Almalinux Almalinux `cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*` | — | — |
| Almalinux Almalinux `cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*` | — | — |
| Almalinux Almalinux `cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*` | — | — |
| Archlinux Arch_Linux `cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*` | — | — |
| Gentoo Linux `cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*` | — | — |
| Nixos Nixos `cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*` | — | 24.11 |
| Suse Suse_Linux `cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*` | — | — |
| Tritondatacenter Smartos `cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*` | — | 20250123 |