
CVE-2024-12085

HIGH CVSS 3.1: 7.5 EPSS 19.1%
Updated Nov 20, 2025
Almalinux
Parameter            Value
CVSS                 7.5 (HIGH)
Affected Versions    before 3.3.0
Fixed In             3.3.0
Type                 CWE-908 (Use of Uninitialized Resource)
Vendor               Almalinux
Public PoC           No

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Attack Parameters

Attack Vector: Network (can be exploited remotely)
Attack Complexity: Low (easy to exploit)
Privileges Required: None (no privileges needed)
User Interaction: None (no user interaction needed)

Impact Assessment

Confidentiality: High (complete data leak)
Integrity: None (no data modification)
Availability: None (no disruption)

CVSS Vector v3.1

Vulnerable Products 63

Configuration From (including) Up to (excluding)
Samba Rsync
cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*
3.3.0
Redhat Openshift
cpe:2.3:a:redhat:openshift:5.0:*:*:*:*:*:*:*
Redhat Openshift_Container_Platform
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
Redhat Openshift_Container_Platform
cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
Redhat Openshift_Container_Platform
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
Redhat Openshift_Container_Platform
cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
Redhat Openshift_Container_Platform
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
Redhat Openshift_Container_Platform
cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
Redhat Enterprise_Linux
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Redhat Enterprise_Linux
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Eus
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Eus
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Eus
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Eus
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Arm_64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Arm_64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Arm_64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Arm_64_Eus
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Arm_64_Eus
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Arm_64_Eus
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Ibm_Z_Systems
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Ibm_Z_Systems
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Ibm_Z_Systems
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Ibm_Z_Systems_Eus
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Ibm_Z_Systems_Eus
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Ibm_Z_Systems_Eus
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Power_Little_Endian
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Power_Little_Endian
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.8_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Power_Little_Endian
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Power_Little_Endian
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Power_Little_Endian_Eus
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Power_Little_Endian_Eus
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_For_Power_Little_Endian_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_Tus
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_Tus
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_Tus
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Update_Services_For_Sap_Solutions
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*
Almalinux Almalinux
cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*
Almalinux Almalinux
cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*
Almalinux Almalinux
cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*
Archlinux Arch_Linux
cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*
Gentoo Linux
cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*
Nixos Nixos
cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*
24.11
Suse Suse_Linux
cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*
Tritondatacenter Smartos
cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*
20250123

References 27

https://access.redhat.com/errata/RHSA-2025:0324
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:0325
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:0637
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:0688
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:0714
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:0774
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:0787
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:0790
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:0849
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:0884
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:0885
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:1120
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:1123
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:1128
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:1225
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:1227
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:1242
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:1451
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:21885
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:2701
secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2024-12085
secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2330539
secalert@redhat.com
https://kb.cert.org/vuls/id/952657
secalert@redhat.com
https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
af854a3a-2127-422b-91ae-364da2661108
https://security.netapp.com/advisory/ntap-20250131-0002/
af854a3a-2127-422b-91ae-364da2661108
https://www.kb.cert.org/vuls/id/952657
af854a3a-2127-422b-91ae-364da2661108
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-…
134c704f-9b21-4f2e-91b3-4a467353bcc0