Cyber Posture

CVE-2024-12084

Critical · Public PoC

Published: 15 January 2025

Modified: 03 November 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0346 (87.6th percentile)
Risk Priority: 22 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Security Summary

CVE-2024-12084 is a heap-based buffer overflow vulnerability in the rsync daemon, caused by improper handling of attacker-controlled checksum lengths (s2length). When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH of 16 bytes, an attacker can write out of bounds in the sum2 buffer. The flaw is associated with CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write), and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
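
The length-check gap described in the summary above, as an added C illustration (not rsync's code and not the upstream patch). The constant and field names follow the summary; the MAX_DIGEST_LEN value of 64, struct sum_entry and all function names are assumptions made for the example.

```c
/* Added illustration, not rsync source. */
#include <stdio.h>
#include <string.h>

#define SUM_LENGTH     16  /* fixed size of the sum2 buffer (from the summary) */
#define MAX_DIGEST_LEN 64  /* assumed demo value; only MAX_DIGEST_LEN > SUM_LENGTH matters */

struct sum_entry {                    /* hypothetical per-block checksum record */
    unsigned char sum2[SUM_LENGTH];
};

/* Flawed check: bounds the peer-supplied length by the largest digest,
 * not by the buffer the digest is copied into. */
static int s2length_ok_flawed(int s2length)
{
    return s2length >= 0 && s2length <= MAX_DIGEST_LEN;
}

/* Bounded check: the destination buffer size is the limit. */
static int s2length_ok_bounded(int s2length)
{
    return s2length >= 0 && (size_t)s2length <= sizeof(((struct sum_entry *)0)->sum2);
}

/* Bytes that would be written past sum2 if this length were accepted. */
static int bytes_past_sum2(int s2length)
{
    return s2length > SUM_LENGTH ? s2length - SUM_LENGTH : 0;
}

/* Store a checksum received from the peer. Returns 0 on success, -1 when the
 * length does not fit sum2 or exceeds the bytes actually received. */
static int store_sum2(struct sum_entry *e, const unsigned char *wire,
                      size_t wire_len, int s2length)
{
    if (!s2length_ok_bounded(s2length) || (size_t)s2length > wire_len)
        return -1;
    memset(e->sum2, 0, sizeof e->sum2);
    memcpy(e->sum2, wire, (size_t)s2length);
    return 0;
}

int main(void)
{
    int lens[] = { 0, 16, 17, MAX_DIGEST_LEN, MAX_DIGEST_LEN + 1, -1 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("s2length=%d flawed=%d bounded=%d past_sum2=%d\n", lens[i],
               s2length_ok_flawed(lens[i]), s2length_ok_bounded(lens[i]), bytes_past_sum2(lens[i]));
    return 0;
}
```

Every length from 17 to MAX_DIGEST_LEN passes the flawed check but not the bounded one, which is the window in which a copy into sum2 would run past the buffer.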

The vulnerability can be exploited by a remote attacker with network access to the rsync daemon, requiring no privileges, low complexity, and no user interaction. Exploitation enables out-of-bounds writes in heap memory, potentially compromising confidentiality, integrity, and availability to a high degree.

Red Hat has issued advisory errata RHBA-2025:6470 to address the issue, with further details in their CVE security page, Bugzilla entry #2330527, CERT vulnerability note 952657, and an oss-security mailing list announcement from January 14, 2025.

Details

CWE(s)
CWE-122, CWE-787

Affected Products

Vendor / Product: Versions
samba / rsync: 3.2.7, 3.3.0
almalinux / almalinux: 10.0
archlinux / arch linux: all versions
gentoo / linux: all versions
nixos / nixos: 24.11 · ≤ 24.11
novell / suse linux: all versions
tritondatacenter / smartos: ≤ 20250123
redhat / enterprise linux: 10.0

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Heap buffer overflow and related flaws in rsync daemon enable remote code execution on servers via anonymous client access (T1068, T1190, T1210); file leak vulnerability facilitates collection of arbitrary data from clients' local systems (T1005).

References