INFBA-2025:6470: rsync security update
Information about definition
Identifier: INFBA-2025:6470
Type: bugfix
Release date: 2025-07-25 10:31:30 UTC
Information about package
rsyncd is the daemon (server) version of the rsync utility, which is used for synchronizing files between computers. It allows rsync to run as a service, listening for incoming connections and transferring files based on its configuration.
Vulnerabilities description
- CVE-2024-12084
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
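The length check this description implies, as a minimal C model added here for illustration; it is not rsync's code or the vendor's patch. The struct layout, the function names and the value 64 for MAX_DIGEST_LEN are assumptions; only SUM_LENGTH = 16, s2length and sum2 come from the advisory text.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SUM_LENGTH     16  /* fixed sum2 size stated in the advisory */
#define MAX_DIGEST_LEN 64  /* assumed value; only "> SUM_LENGTH" matters here */

/* Simplified per-block checksum entry (hypothetical layout, not rsync's). */
struct block_sum {
    uint32_t sum1;
    unsigned char sum2[SUM_LENGTH];
};

/* A peer-supplied s2length must be bounded by the destination buffer,
 * not by the largest digest the protocol can carry (MAX_DIGEST_LEN). */
static int s2length_ok(int32_t s2length)
{
    return s2length >= 0 && s2length <= SUM_LENGTH;
}

/* Copy one strong checksum from the wire into entry->sum2.
 * Returns 0 on success, -1 if the length is rejected or the input is short. */
static int store_sum2(struct block_sum *entry, const unsigned char *wire,
                      size_t wire_len, int32_t s2length)
{
    if (!s2length_ok(s2length) || wire_len < (size_t)s2length)
        return -1;
    memset(entry->sum2, 0, sizeof entry->sum2);
    memcpy(entry->sum2, wire, (size_t)s2length);
    return 0;
}

/* Feed a constructed wire buffer together with a claimed length. */
static int demo_store(int32_t claimed_s2length)
{
    unsigned char wire[MAX_DIGEST_LEN];  /* constructed sample input */
    struct block_sum entry;
    memset(wire, 0xAB, sizeof wire);
    return store_sum2(&entry, wire, sizeof wire, claimed_s2length);
}

int main(void)
{
    /* 16 bytes fit; MAX_DIGEST_LEN and negative lengths are refused. */
    return (demo_store(SUM_LENGTH) == 0 && demo_store(MAX_DIGEST_LEN) == -1
            && demo_store(-1) == -1) ? 0 : 1;
}
```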
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
| NIST — CVE-2024-12084 | no information | 9.8 | no information |
Updated packages