CVE-2024-12085 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Information disclosure |
| Description | A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2858 | rsync | 3.3.0-2 | 3.4.0-1 | Critical | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 14 Jan 2025 | ASA-202501-1 | AVG-2858 | rsync | Critical | multiple issues |
| Notes |
|---|
This vulnerability is rated as having high severity as it helps bypass Address Space Layout Randomization (ASLR). |