Rsync Daemon Memory Leak Vulnerability in Red Hat Products
CVE-2024-12085

7.5 HIGH

Summary

Affected Version(s)

Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION 0:3.0.6-12.el6_10.1

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:3.1.2-12.el7_9.1

Red Hat Enterprise Linux 8 0:3.1.3-20.el8_10

News Articles

Severe Rsync vulnerabilities — CVSS 9.8 — risk RCE, data leaks

The critical and high severity flaws were discovered by Google Cloud researchers.

1 month ago

Rsync package in Ubuntu distros updated to fix remote code execution bugs, download now

Canonical has pushed a patch for rsync after researchers uncovered serious vulnerabilities that enable remote code execution attacks.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by Habr

  • Vulnerability published

Credit

Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.