CVE-2024-12084

Published Jan 15, 2025

Last updated 6 days ago

Overview

Description
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
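The description names the three ingredients of the flaw: a peer-supplied checksum length (s2length), a fixed 16-byte sum2 buffer (SUM_LENGTH), and a digest width (MAX_DIGEST_LEN) that can be larger than that buffer. The C program below is an added illustration written for this page, not rsync's code: it places an unchecked copy that trusts the peer's length beside a hardened version that rejects any length that does not fit the buffer. The struct layout, the 4-byte little-endian framing, the constant values and every function name are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Names follow the advisory (SUM_LENGTH, MAX_DIGEST_LEN, s2length, sum2);
 * the struct layout, framing, values and function names are assumptions
 * made for this illustration and are not rsync's source. */
#define SUM_LENGTH     16   /* fixed sum2 buffer size, 16 bytes as the advisory states */
#define MAX_DIGEST_LEN 32   /* assumed larger digest width, e.g. a 256-bit checksum */

/* Hypothetical per-block record carrying a fixed-size checksum buffer. */
struct sum_buf {
    int32_t s2length;
    unsigned char sum2[SUM_LENGTH];
};

/* Read a peer-supplied 32-bit little-endian s2length from a constructed
 * 4-byte header. The endianness is an assumption of this example's framing. */
int32_t read_s2length(const unsigned char hdr[4])
{
    uint32_t v = (uint32_t)hdr[0] | ((uint32_t)hdr[1] << 8)
               | ((uint32_t)hdr[2] << 16) | ((uint32_t)hdr[3] << 24);
    return (int32_t)v;
}

/* Flawed pattern (CWE-122): the peer-controlled length is used as the copy
 * size without comparing it to sizeof(sum2). Any s2length above SUM_LENGTH,
 * up to MAX_DIGEST_LEN, writes past the end of the buffer. Shown only for
 * contrast; it is never called with an untrusted length in this program. */
void store_sum2_unchecked(struct sum_buf *sb, const unsigned char *digest, int32_t s2length)
{
    sb->s2length = s2length;
    memcpy(sb->sum2, digest, (size_t)s2length);   /* overflows when s2length > SUM_LENGTH */
}

/* Hardened form: reject any length outside [0, SUM_LENGTH] before copying.
 * Returns 0 on success, -1 when the peer's length does not fit the buffer. */
int store_sum2_checked(struct sum_buf *sb, const unsigned char *digest, int32_t s2length)
{
    if (s2length < 0 || s2length > SUM_LENGTH)
        return -1;                       /* fail closed: sb is left untouched */
    sb->s2length = s2length;
    memset(sb->sum2, 0, sizeof sb->sum2);
    memcpy(sb->sum2, digest, (size_t)s2length);
    return 0;
}

/* Wrapper for the demo and tests: 0 if the length is accepted, -1 if rejected. */
int accept_s2length(int32_t s2length)
{
    struct sum_buf sb;
    unsigned char digest[MAX_DIGEST_LEN] = {0};   /* constructed checksum bytes */
    return store_sum2_checked(&sb, digest, s2length);
}

/* Constructed demo: one legitimate header and one oversized one. */
int main(void)
{
    const unsigned char ok_hdr[4]  = { 16, 0, 0, 0 };    /* s2length = 16 */
    const unsigned char bad_hdr[4] = { 32, 0, 0, 0 };    /* s2length = 32 > SUM_LENGTH */

    printf("s2length=%d -> %s\n", read_s2length(ok_hdr),
           accept_s2length(read_s2length(ok_hdr)) == 0 ? "stored" : "rejected");
    printf("s2length=%d -> %s\n", read_s2length(bad_hdr),
           accept_s2length(read_s2length(bad_hdr)) == 0 ? "stored" : "rejected");
    return 0;
}
```

The check is deliberately placed before any write, and a negative value is treated the same way as an oversized one, since a signed length read from the wire can wrap. The bounds check illustrates the class of fix; for deployed systems the remedy is the patched release the posts below point to (rsync 3.4.0) or the vendor's backported update.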
Source
secalert@redhat.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

secalert@redhat.com
CWE-122

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

2

  1. CVE-2024-12084> A heap-based buffer overflow flaw was found in the rsync daemon. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. https://t.co/vVPBJ2NthU https://t.co/1EYuE7FNPz

    @cyber_advising

    21 Jan 2025

    9 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2024-50603 2 - CVE-2023-34960 3 - CVE-2024-49138 4 - CVE-2024-12084 5 - CVE-2025-21210 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    21 Jan 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #Linux Weekly Roundup for January 19th, 2025: Linux kernel 6.13, Linux Mint 22.1, MX Linux 23.5, Dillo 3.2, OpenZFS 2.3, DXVK 2.5.3, new rsync vulnerability (CVE-2024-12084) patched, Oracle announces OLED, and more https://t.co/ILXS08fb92 #OpenSource #FOSS https://t.co/YqHMTFque

    @9to5linux

    20 Jan 2025

    1615 Impressions

    9 Retweets

    35 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. 🚨Alert🚨 CVE-2024-12084(CVSS 9.8) : Heap overflow that could lead to remote code execution 📊 52M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/eaQDXmdvLg 👇Query HUNTER : https://t.co/q9rtuGfZuz="rsync" FOFA : product="rsync" SHODAN :… ht

    @HunterMapping

    20 Jan 2025

    4127 Impressions

    24 Retweets

    79 Likes

    23 Bookmarks

    0 Replies

    1 Quote

  5. Detecting and mitigating CVE-2024-12084: rsync remote code execution |  by Michael Clark @sysdig https://t.co/6AqNxkZHRS

    @cyb3rops

    18 Jan 2025

    21618 Impressions

    41 Retweets

    137 Likes

    38 Bookmarks

    0 Replies

    1 Quote

  6. On Jan 14, 2025, critical vulnerabilities were found in rsync, notably CVE-2024-12084, with a CVSS score of 9.8 for remote code execution. Mitigation strategies are crucial. 🛡️ #Rsync #RemoteExecution #USA #ThreatResearch link: https://t.co/OFxlrmEe5w https://t.co/REBizlnP8z

    @TweetThreatNews

    18 Jan 2025

    68 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🛡️ CVE-2024-12084: Remote code execution vulnerability (Rsync Remote Code Execution) 🛡️ In this post we shed light on a serious security vulnerability in the Rsync tool, which is widely used to transfer and synchronize files between devices. The vulnerability is known as CVE-2024-12084, and it allows attackers to execute code

    @MahRabie

    17 Jan 2025

    36 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🛡️ CVE-2024-12084: Remote code execution vulnerability (Rsync Remote Code Execution) 🛡️ In this post we shed light on a serious security vulnerability in the Rsync tool, which is widely used to transfer and synchronize files between devices. The vulnerability is known as CVE-2024-12084, and it allows attackers to execute code

    @MahRabie

    17 Jan 2025

    4 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Alert: CVE-2024-12084 🚨 A severe heap overflow vulnerability in rsync could lead to remote code execution—affecting 600k+ systems globally. 🔎 Read more details on the Falco detection rule for this CVE, as well as steps for mitigation from Sysdig TRT:https://t.co/aKe5J8bwxx

    @sysdig

    17 Jan 2025

    321 Impressions

    3 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. [1/4] 🚨Two days ago, 6 vulnerabilities affecting rsync, a widely-used file transferring and synchronizing utility were published. Two of these, CVE-2024-12084 - a heap buffer overflow that could lead to code execution, and CVE-2024-12085 - an information leak allowing one-byte…

    @JFrogSecurity

    16 Jan 2025

    530 Impressions

    3 Retweets

    7 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  11. ⚠️ CVE-2024-12084 - Heap Buffer Overflow in Rsync due to Improper Checksum Length Handling CVSS 3.1: 9.8 In total 6 vulnerabilities found in rsync by @scannell_simon @JasielSpelman and Pedro Gallegos from @google ➡️ More info: https://t.co/g5Zyj5lsrk

    @javutin

    16 Jan 2025

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2024-12084 A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code… https://t.co/oVEfbFzFsA

    @CVEnew

    15 Jan 2025

    457 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. [CVE-2024-12084: CRITICAL] Heap-based overflow flaw discovered in rsync daemon due to handling of attacker-controlled checksum lengths, allowing out-of-bounds writes. #CyberSecurity#cybersecurity,#vulnerability https://t.co/xRsehl0aLJ https://t.co/CnQo8UrWX5

    @CveFindCom

    15 Jan 2025

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Multiple vulnerabilities in the Rsync tool, including a critical heap-buffer overflow (CVE-2024-12084, CVSS 9.8), expose users to code execution risks. Patches available in version 3.4.0. 🛡️💻 #Rsync #SecurityFlaw #USA #CybersecurityNews link: https://t.co/TOBPnaaUqg https://t.

    @TweetThreatNews

    15 Jan 2025

    76 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Critical vulnerability in Rsync. CVE-2024-12084 has a CVSS score of 9.8 and could allow arbitrary code execution through a buffer overflow. It has been patched together with five other vulnerabilities. https://t.co/eXTidaeTcK

    @__kokumoto

    15 Jan 2025

    2696 Impressions

    16 Retweets

    23 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-12084 (CVSS 9.8) - Code Execution Risk: Rsync Vulnerability Demands Immediate Patching Stay protected from CVE-2024-12084 and other vulnerabilities in #Rsync. Learn about the risks, exploits, and how to secure your systems. https://t.co/TkBkHh0TAj

    @the_yellow_fall

    15 Jan 2025

    874 Impressions

    4 Retweets

    9 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  17. 6 new CVEs in "rsync". "In the most severe CVE, an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on." That would be CVE-2024-12084 (9.8) https://t.co/aY8jDVf7yb @jschauma

    @dacbarbos

    14 Jan 2025

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. RCE in rsync, CVE-2024-12084 (and 5 more vulnerabilities) https://t.co/l4t2om6LVP

    @_r_netsec

    14 Jan 2025

    1187 Impressions

    6 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  19. Fixes for a critical rsync vulnerability (CVE-2024-12084) have been released for Stable/Bookworm, Testing and Unstable. Oldstable/Bullseye is not affected. Fixes for other lower severity CVEs have also been released in the same update and can all… https://t.co/2T6a4CBZgH #debian

    @debian

    14 Jan 2025

    8297 Impressions

    47 Retweets

    190 Likes

    16 Bookmarks

    2 Replies

    4 Quotes