CVE-2024-12084
🔴 Patch now
A heap-based buffer overflow in the rsync daemon allows remote code execution.
| Field | Value |
|---|---|
| CVSS | 9.8 |
| EPSS | 72.1% |
| Exploit | poc |
| Vendor | nixos |
Source description (NVD)
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
Tags: buffer-overflow, exploit
Patch: none linked on this page (upstream fixed this in rsync 3.4.0; see the CERT and Google advisories in the references)
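The bug class the NVD text describes, modelled as an added C example for this page (this is not rsync's source code): a wire header whose s2length field the peer controls, a length check that only bounds it by MAX_DIGEST_LEN, and a hardened check that bounds it by the negotiated digest length, which must itself fit the fixed 16-byte sum2 field. The struct layout, the four-field little-endian header, the value 64 for MAX_DIGEST_LEN and the sample message are assumptions made for the example; the out-of-bounds write is computed, not performed, so the program runs cleanly.

```c
/* Illustrative model of the CVE-2024-12084 bug class, written for this page.
 * NOT rsync's code: the names s2length, SUM_LENGTH, MAX_DIGEST_LEN and sum2
 * come from the NVD text, but the struct layout, wire format and the
 * MAX_DIGEST_LEN value are assumptions made for this example. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SUM_LENGTH     16   /* fixed storage for one block's strong checksum (NVD text) */
#define MAX_DIGEST_LEN 64   /* assumed: longest digest the checksum negotiation can select */

/* One block checksum as the receiver stores it (assumed layout). */
struct sum_buf {
    uint32_t sum1;              /* rolling checksum */
    char     sum2[SUM_LENGTH];  /* strong checksum: only 16 bytes of storage */
};

/* Sum header as sent by the peer (assumed: four little-endian int32 fields). */
struct sum_head {
    int32_t count;
    int32_t blength;
    int32_t s2length;   /* attacker-controlled strong-checksum length */
    int32_t remainder;
};

/* Constructed hostile header: count=1, blength=700, s2length=64, remainder=0. */
static const unsigned char HOSTILE_MSG[16] = {
    1, 0, 0, 0,  0xbc, 2, 0, 0,  64, 0, 0, 0,  0, 0, 0, 0
};

static int32_t read_le32(const unsigned char *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Parse the header; returns 0 on success, -1 if the message is too short. */
int parse_sum_head(const unsigned char *msg, size_t len, struct sum_head *out) {
    if (len < 16) return -1;
    out->count     = read_le32(msg);
    out->blength   = read_le32(msg + 4);
    out->s2length  = read_le32(msg + 8);
    out->remainder = read_le32(msg + 12);
    return 0;
}

/* Vulnerable check: bounds s2length by the longest *possible* digest, not by
 * the storage actually available. It accepts 17..64, and a later copy of
 * s2length bytes into sum2 then writes past the 16-byte field. */
int s2length_ok_vulnerable(int32_t s2length) {
    return s2length >= 0 && s2length <= MAX_DIGEST_LEN;
}

/* Hardened check: bound s2length by the negotiated digest length, and refuse
 * any negotiated length that does not fit the storage. */
int s2length_ok_hardened(int32_t s2length, int negotiated_len) {
    if (negotiated_len < 0 || negotiated_len > SUM_LENGTH) return 0;
    return s2length >= 0 && s2length <= negotiated_len;
}

/* Bytes that a copy of s2length bytes into sum2 would write past its end
 * (0 when it fits). Computed here rather than performed. */
int overflow_bytes(int32_t s2length) {
    return s2length > SUM_LENGTH ? s2length - SUM_LENGTH : 0;
}

/* Safe consumer: copies only after the hardened check passes.
 * Returns the number of bytes stored, or -1 if the length was rejected. */
int store_sum2(struct sum_buf *sb, const unsigned char *data,
               int32_t s2length, int negotiated_len) {
    if (!s2length_ok_hardened(s2length, negotiated_len)) return -1;
    memset(sb->sum2, 0, SUM_LENGTH);
    memcpy(sb->sum2, data, (size_t)s2length);
    return (int)s2length;
}

int main(void) {
    struct sum_head h;
    if (parse_sum_head(HOSTILE_MSG, sizeof HOSTILE_MSG, &h) == 0) {
        printf("s2length=%d vulnerable_check=%d hardened_check=%d would_overflow_by=%d\n",
               (int)h.s2length, s2length_ok_vulnerable(h.s2length),
               s2length_ok_hardened(h.s2length, SUM_LENGTH),
               overflow_bytes(h.s2length));
    }
    return 0;
}
```

The point to take from the two checks is that a length validated against the largest value a field could ever carry is not validated against the buffer it will be written into; the hardened form ties the check to the length that was actually negotiated and to the storage that length must fit.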
Sources and dates
| Source | Value |
|---|---|
| NVD CVSS | 9.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 72.1% |
| Published (NVD) | 2025-01-15 15:15:10 UTC |
| Last modified (NVD) | 2026-06-25 03:16:27 UTC |
References
- https://access.redhat.com/errata/RHBA-2025:6470 (secalert@redhat.com)
- https://access.redhat.com/security/cve/CVE-2024-12084 (secalert@redhat.com) [Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=2330527 (secalert@redhat.com) [Issue Tracking, Third Party Advisory]
- https://kb.cert.org/vuls/id/952657 (secalert@redhat.com) [Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2025/01/14/6 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List, Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20250131-0002/ (af854a3a-2127-422b-91ae-364da2661108)
- https://www.kb.cert.org/vuls/id/952657 (af854a3a-2127-422b-91ae-364da2661108)
- https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj (134c704f-9b21-4f2e-91b3-4a467353bcc0) [Exploit, Vendor Advisory]