CVE-2024-12084

Rsync: heap buffer overflow in rsync due to improper checksum length handling

CVSS 9.8 CRITICAL | EPSS 72.1% | CWE-122

In short

Rsync has a critical flaw where an attacker can crash the service or potentially run malicious code by sending specially crafted data that overflows a buffer used for checksums. This happens because the program doesn't properly limit how much data it writes to memory.

Technical detail

A heap buffer overflow in rsync's checksum handling allows an attacker to write beyond the bounds of the sum2 buffer when MAX_DIGEST_LEN exceeds SUM_LENGTH (16 bytes). The vulnerability stems from improper validation of attacker-controlled s2length parameters, enabling remote code execution or denial of service against rsync daemon instances.

Summary generated and translated by AI from the official description.
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
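
The bug class described in the technical detail and the official description, as an added example that is not rsync's source code: a length check bounded by MAX_DIGEST_LEN accepts values larger than the 16-byte sum2 buffer, while a check bounded by the buffer's real size rejects them. The struct, the function names and the MAX_DIGEST_LEN value of 64 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SUM_LENGTH 16      /* fixed size of sum2, as stated in the advisory */
#define MAX_DIGEST_LEN 64  /* assumed value; the advisory only says it exceeds SUM_LENGTH */

/* Hypothetical model of a per-block checksum record (not rsync's struct). */
struct block_sum {
    uint32_t sum1;
    unsigned char sum2[SUM_LENGTH];
};

/* Flawed pattern: length is bounded by the largest digest, not by the buffer. */
static int length_ok_flawed(int32_t s2length) {
    return s2length >= 0 && s2length <= MAX_DIGEST_LEN;
}

/* Bytes that would be written past sum2 for a length the flawed check accepts. */
size_t overflow_bytes(int32_t s2length) {
    if (!length_ok_flawed(s2length) || s2length <= SUM_LENGTH)
        return 0;
    return (size_t)s2length - SUM_LENGTH;
}

/* Hardened copy: bound the peer-supplied length by the destination's real size
 * and by the bytes actually received. Returns 0 on success, -1 on rejection. */
int store_sum2(struct block_sum *dst, const unsigned char *wire,
               size_t wire_len, int32_t s2length) {
    if (s2length < 0 || (size_t)s2length > sizeof dst->sum2)
        return -1;
    if ((size_t)s2length > wire_len)
        return -1;
    memset(dst->sum2, 0, sizeof dst->sum2);
    memcpy(dst->sum2, wire, (size_t)s2length);
    return 0;
}

int main(void) {
    unsigned char wire[MAX_DIGEST_LEN] = {0};  /* constructed sample input */
    struct block_sum rec;
    int32_t lens[] = {16, 17, 64, 65, -1};
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("s2length=%d flawed-overflow=%zu hardened=%d\n", (int)lens[i],
               overflow_bytes(lens[i]), store_sum2(&rec, wire, sizeof wire, lens[i]));
    return 0;
}
```

Bounding the length with sizeof on the destination field keeps the check correct even if the buffer size or the digest maximum changes later.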