Rsync Daemon Memory Leak Vulnerability in Red Hat Products
CVE-2024-12085

7.5 HIGH

Key Information:

Badges

📈 Score: 230
📰 News Worthy

Affected Version(s)

Red Hat Enterprise Linux 8 0:3.1.3-20.el8_10

Red Hat Enterprise Linux 9 0:3.2.3-20.el9_5.1

News Articles

Severe Rsync vulnerabilities — CVSS 9.8 — risk RCE, data leaks

The critical and high severity flaws were discovered by Google Cloud researchers.

5 days ago

Rsync package in Ubuntu distros updated to fix remote code execution bugs, download now

Canonical has pushed a patch for rsync after researchers uncovered serious vulnerabilities that enable remote code execution attacks.

6 days ago

Release of the file synchronization utility Rsync 3.4.0

On January 15, 2025, the open-source file synchronization utility Rsync 3.4.0 was released. The project's source code is written in C. The solution is distributed under the GNU General Public License ....

6 days ago

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Habr

  • Vulnerability published

Credit

Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.