Cyber Posture

CVE-2024-12085

High · Public PoC

Published: 14 January 2025

Modified: 14 April 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.1914 (95.4th percentile)
Risk Priority: 26 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password.

Security Summary

CVE-2024-12085 is a vulnerability in rsync that arises during file checksum comparisons. The flaw enables an attacker to manipulate the checksum length parameter (s2length), causing rsync to compare a provided checksum against uninitialized memory. This results in the disclosure of one byte of uninitialized stack data per operation. The issue is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-908 (Use of Uninitialized Resource). It was published on 2025-01-14.

A remote, unauthenticated attacker can exploit this vulnerability with low attack complexity and no user interaction. By sending crafted rsync traffic that triggers checksum comparisons, the attacker can iteratively leak uninitialized stack bytes, enabling gradual information disclosure from the target's memory.

Red Hat has issued multiple errata addressing this flaw, including RHBA-2025:6470, RHSA-2025:0324, RHSA-2025:0325, RHSA-2025:0637, and RHSA-2025:0688. Security practitioners running affected rsync versions on Red Hat systems should apply these updates for mitigation.
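
An added sketch (not rsync's own code and not taken from this page's sources) of the defensive pattern for the flaw described above: bound the peer-supplied checksum length by the number of bytes the local digest actually wrote, and zero the buffer as defence in depth. `DIGEST_LEN`, `MAX_DIGEST_LEN`, `toy_digest` and `checksum_matches` are hypothetical names; only `s2length` comes from the description.

```c
#include <stddef.h>
#include <string.h>

#define DIGEST_LEN     16  /* assumed: bytes the digest routine writes */
#define MAX_DIGEST_LEN 64  /* assumed: size of the stack buffer */

/* Constructed stand-in for a real digest; fills exactly DIGEST_LEN bytes. */
static void toy_digest(const unsigned char *data, size_t n, unsigned char *out)
{
    memset(out, 0, DIGEST_LEN);
    for (size_t i = 0; i < n; i++)
        out[i % DIGEST_LEN] ^= (unsigned char)(data[i] + i);
}

/* Returns 1 on match, 0 on mismatch, -1 when the peer's length is rejected. */
int checksum_matches(const unsigned char *data, size_t n,
                     const unsigned char *peer_sum, int s2length)
{
    /* Zeroed, so bytes past DIGEST_LEN never hold stale stack data. */
    unsigned char local[MAX_DIGEST_LEN] = {0};

    /* Without this bound, memcmp below would read local[DIGEST_LEN..],
       bytes the digest never wrote (CWE-908). */
    if (s2length <= 0 || s2length > DIGEST_LEN)
        return -1;

    toy_digest(data, n, local);
    return memcmp(local, peer_sum, (size_t)s2length) == 0;
}

int main(void)
{
    const unsigned char block[] = "constructed sample block";
    unsigned char peer[MAX_DIGEST_LEN] = {0};
    size_t n = sizeof block - 1;

    toy_digest(block, n, peer);                      /* honest peer checksum */
    int ok  = checksum_matches(block, n, peer, DIGEST_LEN);      /* 1 */
    int bad = checksum_matches(block, n, peer, DIGEST_LEN + 1);  /* -1 */
    return (ok == 1 && bad == -1) ? 0 : 1;
}
```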

Details

CWE(s)
CWE-908

Affected Products

Vendor / Product: Versions
samba / rsync: ≤ 3.3.0
redhat / openshift: 5.0
redhat / openshift container platform: 4.12, 4.13, 4.14, 4.15, 4.16
redhat / enterprise linux: 8.0, 9.0
redhat / enterprise linux eus: 8.8, 9.2, 9.4, 9.6
redhat / enterprise linux for arm 64: 8.0_aarch64, 9.0_aarch64, 9.2_aarch64
redhat / enterprise linux for arm 64 eus: 8.8_aarch64, 9.4_aarch64, 9.6_aarch64
redhat / enterprise linux for ibm z systems: 8.0_s390x, 9.0_s390x, 9.2_s390x
redhat / enterprise linux for ibm z systems eus: 8.8_s390x, 9.4_s390x, 9.6_s390x
redhat / enterprise linux for power little endian: 8.0_ppc64le, 8.8_ppc64le, 9.0_ppc64le, 9.2_ppc64le
+12 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques

T1003: OS Credential Dumping (Tactic: Credential Access)
Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password.
Why these techniques?

The vulnerability in rsync enables an attacker to remotely leak uninitialized stack memory one byte at a time by manipulating the checksum length (s2length) during file checksum comparisons, facilitating OS Credential Dumping (T1003) from the rsync process memory.
