{"api_version":"1","generated_at":"2026-04-19T08:31:51+00:00","cve":"CVE-2024-12085","urls":{"html":"https://cve.report/CVE-2024-12085","api":"https://cve.report/api/cve/CVE-2024-12085.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-12085","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-12085"},"summary":{"title":"Rsync: info leak via uninitialized stack contents","description":"A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-01-14 18:15:25","updated_at":"2026-04-14 22:16:24"},"problem_types":["CWE-908","CWE-908 Use of Uninitialized Resource"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:0884","name":"https://access.redhat.com/errata/RHSA-2025:0884","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:2701","name":"https://access.redhat.com/errata/RHSA-2025:2701","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:1451","name":"https://access.redhat.com/errata/RHSA-2025:1451","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.netapp.com/advisory/ntap-20250131-0002/","name":"https://security.netapp.com/advisory/ntap-20250131-0002/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330539","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2330539","refsource":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:21885","name":"https://access.redhat.com/errata/RHSA-2025:21885","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:0688","name":"https://access.redhat.com/errata/RHSA-2025:0688","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:0714","name":"https://access.redhat.com/errata/RHSA-2025:0714","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:0324","name":"https://access.redhat.com/errata/RHSA-2025:0324","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:0787","name":"https://access.redhat.com/errata/RHSA-2025:0787","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:0637","name":"https://access.redhat.com/errata/RHSA-2025:0637","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.kb.cert.org/vuls/id/952657","name":"https://www.kb.cert.org/vuls/id/952657","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:1225","name":"https://access.redhat.com/errata/RHSA-2025:1225","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:0774","name":"https://access.redhat.com/errata/RHSA-2025:0774","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://kb.cert.org/vuls/id/952657","name":"https://kb.cert.org/vuls/id/952657","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:0325","name":"https://access.redhat.com/errata/RHSA-2025:0325","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:1123","name":"https://access.redhat.com/errata/RHSA-2025:1123","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2024-12085","name":"https://access.redhat.com/security/cve/CVE-2024-12085","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:0790","name":"https://access.redhat.com/errata/RHSA-2025:0790","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:0885","name":"https://access.redhat.com/errata/RHSA-2025:0885","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:1120","name":"https://access.redhat.com/errata/RHSA-2025:1120","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:1128","name":"https://access.redhat.com/errata/RHSA-2025:1128","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHBA-2025:6470","name":"https://access.redhat.com/errata/RHBA-2025:6470","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:1227","name":"https://access.redhat.com/errata/RHSA-2025:1227","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj","name":"https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:1242","name":"https://access.redhat.com/errata/RHSA-2025:1242","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:0849","name":"https://access.redhat.com/errata/RHSA-2025:0849","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html","name":"https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-12085","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-12085","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"unaffected 0:3.4.1-2.el10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION","version":"unaffected 0:3.0.6-12.el6_10.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","version":"unaffected 0:3.1.2-12.el7_9.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"unaffected 0:3.1.3-20.el8_10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","version":"unaffected 0:3.1.3-7.el8_2.3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","version":"unaffected 0:3.1.3-12.el8_4.3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","version":"unaffected 0:3.1.3-12.el8_4.3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","version":"unaffected 0:3.1.3-12.el8_4.3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","version":"unaffected 0:3.1.3-14.el8_6.6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","version":"unaffected 0:3.1.3-14.el8_6.6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","version":"unaffected 0:3.1.3-14.el8_6.6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","version":"unaffected 0:3.1.3-20.el8_8.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:3.2.3-20.el9_5.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:3.2.3-20.el9_5.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","version":"unaffected 0:3.2.3-9.el9_0.3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","version":"unaffected 0:3.2.3-19.el9_2.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","version":"unaffected 0:3.2.3-19.el9_4.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.12","version":"unaffected 412.86.202502100314-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.13","version":"unaffected 413.92.202503112237-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.14","version":"unaffected 414.92.202502111902-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.15","version":"unaffected 415.92.202501281917-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","version":"unaffected v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","version":"unaffected v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","version":"unaffected v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.17","version":"unaffected 417.94.202502051822-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v5.8.17-22 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v5.8.17-10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v6.8.1-454 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v5.8.17-17 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v1.0.0-537 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v5.8.17-4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v0.4.0-339 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v5.8.17-4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v1.1.0-320 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v5.8.1-552 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v3.3.2-9 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v5.8.17-5 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v5.8.17-12 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v5.8.17-5 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v0.1.0-725 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v0.1.0-342 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","version":"unaffected v0.28.1-88 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v5.9.11-25 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v5.9.11-11 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v0.4.0-340 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v5.9.11-5 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v1.1.0-321 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v3.3.2-8 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v5.9.11-6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v5.9.11-9 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v5.9.11-4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v0.1.0-724 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v0.1.0-341 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOL-5.9-RHEL-9","version":"unaffected v0.34.1-30 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Compliance Operator 1","version":"unaffected sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498 * rpm","platforms":[]}],"timeline":[{"source":"CNA","time":"2024-12-05T12:06:36.594Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-01-14T15:06:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable's memory with zeroes to prevent uninitialized memory disclosure.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.","lang":"en"}],"nvd_cpes":[{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"almalinux","cpe5":"almalinux","cpe6":"10.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"almalinux","cpe5":"almalinux","cpe6":"8.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"almalinux","cpe5":"almalinux","cpe6":"9.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"archlinux","cpe5":"arch_linux","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"gentoo","cpe5":"linux","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"nixos","cpe5":"nixos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"8.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"9.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"9.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_arm_64","cpe6":"8.0_aarch64","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_arm_64","cpe6":"9.0_aarch64","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_arm_64","cpe6":"9.2_aarch64","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_arm_64_eus","cpe6":"8.8_aarch64","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_arm_64_eus","cpe6":"9.4_aarch64","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_arm_64_eus","cpe6":"9.6_aarch64","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems","cpe6":"8.0_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems","cpe6":"9.0_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems","cpe6":"9.2_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems_eus","cpe6":"8.8_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems_eus","cpe6":"9.4_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems_eus","cpe6":"9.6_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian","cpe6":"8.0_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian","cpe6":"8.8_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian","cpe6":"9.0_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian","cpe6":"9.2_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian_eus","cpe6":"9.4_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian_eus","cpe6":"9.6_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_aus","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_aus","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_aus","cpe6":"8.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_aus","cpe6":"9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_aus","cpe6":"9.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_aus","cpe6":"9.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions","cpe6":"8.4_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions","cpe6":"8.6_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions","cpe6":"8.8_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions","cpe6":"9.0_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions","cpe6":"9.2_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions","cpe6":"9.4_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions","cpe6":"9.6_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_tus","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_tus","cpe6":"8.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_tus","cpe6":"8.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_update_services_for_sap_solutions","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_update_services_for_sap_solutions","cpe6":"8.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_update_services_for_sap_solutions","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_update_services_for_sap_solutions","cpe6":"9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_update_services_for_sap_solutions","cpe6":"9.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"rsync","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"suse_linux","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"12085","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"tritondatacenter","cpe5":"smartos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"12085","cve":"CVE-2024-12085","epss":"0.191430000","percentile":"0.953580000","score_date":"2026-04-15","updated_at":"2026-04-16 00:13:55"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-12085","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-02-27T04:55:14.796829Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-02-26T19:09:27.571Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["exploit"],"url":"https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"}],"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2025-11-03T21:52:11.159Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://security.netapp.com/advisory/ntap-20250131-0002/"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"},{"url":"https://www.kb.cert.org/vuls/id/952657"}],"title":"CVE Program Container"}],"cna":{"affected":[{"collectionURL":"https://github.com/RsyncProject/rsync","defaultStatus":"unaffected","packageName":"rsync","versions":[{"lessThanOrEqual":"3.3.0","status":"affected","version":"0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.0"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.4.1-2.el10","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_els:6"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.0.6-12.el6_10.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_els:7"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.1.2-12.el7_9.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.1.3-20.el8_10","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_aus:8.2::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.1.3-7.el8_2.3","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_tus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_aus:8.4::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.1.3-12.el8_4.3","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_tus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_aus:8.4::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.1.3-12.el8_4.3","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_tus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_aus:8.4::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.1.3-12.el8_4.3","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.1.3-14.el8_6.6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.1.3-14.el8_6.6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.1.3-14.el8_6.6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_eus:8.8::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.1.3-20.el8_8.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.2.3-20.el9_5.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.2.3-20.el9_5.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream","cpe:/o:redhat:rhel_e4s:9.0::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.2.3-9.el9_0.3","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.2::appstream","cpe:/o:redhat:rhel_eus:9.2::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.2.3-19.el9_2.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream","cpe:/o:redhat:rhel_eus:9.4::baseos"],"defaultStatus":"affected","packageName":"rsync","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.2.3-19.el9_4.1","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.12::el8"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.12","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"412.86.202502100314-0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.13::el8","cpe:/a:redhat:openshift:4.13::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.13","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"413.92.202503112237-0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.14::el8","cpe:/a:redhat:openshift:4.14::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.14","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"414.92.202502111902-0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.15::el9","cpe:/a:redhat:openshift:4.15::el8"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.15","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"415.92.202501281917-0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"defaultStatus":"affected","packageName":"openshift4/ose-ansible-rhel9-operator","product":"Red Hat OpenShift Container Platform 4.16","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"defaultStatus":"affected","packageName":"openshift4/ose-helm-rhel9-operator","product":"Red Hat OpenShift Container Platform 4.16","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"defaultStatus":"affected","packageName":"openshift4/ose-operator-sdk-rhel9","product":"Red Hat OpenShift Container Platform 4.16","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.17::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.17","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"417.94.202502051822-0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/cluster-logging-operator-bundle","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.8.17-22","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/cluster-logging-rhel9-operator","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.8.17-10","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/elasticsearch6-rhel9","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v6.8.1-454","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/elasticsearch-operator-bundle","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.8.17-17","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/elasticsearch-proxy-rhel9","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v1.0.0-537","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/elasticsearch-rhel9-operator","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.8.17-4","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/eventrouter-rhel9","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v0.4.0-339","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/fluentd-rhel9","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.8.17-4","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/log-file-metric-exporter-rhel9","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v1.1.0-320","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/logging-curator5-rhel9","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.8.1-552","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/logging-loki-rhel9","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v3.3.2-9","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/logging-view-plugin-rhel9","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.8.17-5","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/loki-operator-bundle","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.8.17-12","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/loki-rhel9-operator","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.8.17-5","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/lokistack-gateway-rhel9","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v0.1.0-725","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/opa-openshift-rhel9","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v0.1.0-342","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.8::el9"],"defaultStatus":"affected","packageName":"openshift-logging/vector-rhel9","product":"RHOL-5.8-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v0.28.1-88","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/cluster-logging-operator-bundle","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.9.11-25","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/cluster-logging-rhel9-operator","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.9.11-11","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/eventrouter-rhel9","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v0.4.0-340","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/fluentd-rhel9","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.9.11-5","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/log-file-metric-exporter-rhel9","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v1.1.0-321","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/logging-loki-rhel9","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v3.3.2-8","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/logging-view-plugin-rhel9","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.9.11-6","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/loki-operator-bundle","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.9.11-9","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/loki-rhel9-operator","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v5.9.11-4","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/lokistack-gateway-rhel9","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v0.1.0-724","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/opa-openshift-rhel9","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v0.1.0-341","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:logging:5.9::el9"],"defaultStatus":"affected","packageName":"openshift-logging/vector-rhel9","product":"RHOL-5.9-RHEL-9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v0.34.1-30","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_compliance_operator:1::el9"],"defaultStatus":"affected","packageName":"compliance/openshift-compliance-must-gather-rhel8","product":"Compliance Operator 1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498","versionType":"rpm"}]}],"credits":[{"lang":"en","value":"Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."}],"datePublic":"2025-01-14T15:06:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-908","description":"Use of Uninitialized Resource","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-14T21:41:26.864Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHBA-2025:6470","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHBA-2025:6470"},{"name":"RHSA-2025:0324","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0324"},{"name":"RHSA-2025:0325","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0325"},{"name":"RHSA-2025:0637","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0637"},{"name":"RHSA-2025:0688","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0688"},{"name":"RHSA-2025:0714","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0714"},{"name":"RHSA-2025:0774","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0774"},{"name":"RHSA-2025:0787","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0787"},{"name":"RHSA-2025:0790","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0790"},{"name":"RHSA-2025:0849","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0849"},{"name":"RHSA-2025:0884","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0884"},{"name":"RHSA-2025:0885","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0885"},{"name":"RHSA-2025:1120","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:1120"},{"name":"RHSA-2025:1123","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:1123"},{"name":"RHSA-2025:1128","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:1128"},{"name":"RHSA-2025:1225","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:1225"},{"name":"RHSA-2025:1227","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:1227"},{"name":"RHSA-2025:1242","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:1242"},{"name":"RHSA-2025:1451","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:1451"},{"name":"RHSA-2025:21885","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:21885"},{"name":"RHSA-2025:2701","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:2701"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2024-12085"},{"name":"RHBZ#2330539","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330539"},{"url":"https://kb.cert.org/vuls/id/952657"}],"timeline":[{"lang":"en","time":"2024-12-05T12:06:36.594Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-01-14T15:06:00.000Z","value":"Made public."}],"title":"Rsync: info leak via uninitialized stack contents","workarounds":[{"lang":"en","value":"Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable's memory with zeroes to prevent uninitialized memory disclosure."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-908: Use of Uninitialized Resource"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2024-12085","datePublished":"2025-01-14T17:37:16.036Z","dateReserved":"2024-12-03T08:57:53.329Z","dateUpdated":"2026-04-14T21:41:26.864Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-01-14 18:15:25","lastModifiedDate":"2026-04-14 22:16:24","problem_types":["CWE-908","CWE-908 Use of Uninitialized Resource"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.0","matchCriteriaId":"C3A9FCFD-8115-4C36-95D1-625B124ED9F9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:5.0:*:*:*:*:*:*:*","matchCriteriaId":"3FD9C791-100F-4672-AB43-94B80DFAF818"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*","matchCriteriaId":"40449571-22F8-44FA-B57B-B43F71AB25E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*","matchCriteriaId":"1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*","matchCriteriaId":"486B3F69-1551-4F8B-B25B-A5864248811B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*","matchCriteriaId":"4716808D-67EB-4E14-9910-B248A500FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*","matchCriteriaId":"0EBB38E1-4161-402D-8A37-74D92891AAC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*","matchCriteriaId":"F4B66318-326A-43E4-AF14-015768296E4E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*","matchCriteriaId":"62C31522-0A17-4025-B269-855C7F4B45C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*","matchCriteriaId":"3C74F6FA-FA6C-4648-9079-91446E45EE47"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*","matchCriteriaId":"B03506D7-0FCD-47B7-90F6-DDEEB5C5A733"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*","matchCriteriaId":"C4CF8D2F-DACA-49C2-A9F4-63496B0A9A80"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"5A47EF78-A5B6-4B89-8B74-EEB0647C549F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"D85E0DBA-A856-472A-8271-A4F37C35F952"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"01363FFA-F7A6-43FC-8D47-E67F95410095"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"CA15BFFC-B8E8-4EE3-8E14-8C95DF6C99C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"32AF225E-94C0-4D07-900C-DD868C05F554"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"FB056B47-1F45-4CE4-81F6-872F66C24C29"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*","matchCriteriaId":"2E068ABB-31C2-416E-974A-95E07A2BAB0A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*","matchCriteriaId":"22C65F53-D624-48A9-A9B7-4C78A31E19F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*","matchCriteriaId":"F843B777-5C64-4CAE-80D6-89DC2C9515B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*","matchCriteriaId":"778ACA25-ED77-4EFC-A183-DE094C58B268"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"23D471AC-7DCA-4425-AD91-E5D928753A8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.8_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"5B4A41C6-7ECB-4F3D-AB10-96F2D00B6840"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"ED521457-498F-4E43-B714-9A3F2C3CD09A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"0516993E-CBD5-44F1-8684-7172C9ABFD0A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","matchCriteriaId":"6897676D-53F9-45B3-B27F-7FF9A4C58D33"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"E28F226A-CBC7-4A32-BE58-398FA5B42481"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"76C24D94-834A-4E9D-8F73-624AFA99AAA2"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*","matchCriteriaId":"F32CA554-F9D7-425B-8F1C-89678507F28C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*","matchCriteriaId":"39D345D3-108A-4551-A112-5EE51991411A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*","matchCriteriaId":"0FDD919E-B7FE-4EC5-8D6B-EC9A4723D6E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"6E645F29-0FE0-477F-969A-55F009AB018C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"6C138DAF-9769-43B0-A9E6-320738EB3415"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"18037675-B4D3-401E-96D3-9EA3C1993920"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"3DA48001-66CC-4E71-A944-68D7D654031E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"CC6A25CB-907A-4D05-8460-A2488938A8BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"3C30F155-DF7D-4195-92D9-A5B80407228D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"41F1A2F3-BCEF-4A8C-BA2F-DF1FF13E6179"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"AC10D919-57FD-4725-B8D2-39ECB476902F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"1272DF03-7674-4BD4-8E64-94004B195448"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*","matchCriteriaId":"F1CA946D-1665-4874-9D41-C7D963DD1F56"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*","matchCriteriaId":"E881C927-DF96-4D2E-9887-FF12E456B1FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*","matchCriteriaId":"FB096D5D-E8F6-4164-8B76-0217B7151D30"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*","matchCriteriaId":"083AAC55-E87B-482A-A1F4-8F2DEB90CB23"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*","matchCriteriaId":"1FD9BF0E-7ACF-4A83-B754-6E3979ED903F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*","matchCriteriaId":"554AA8CA-A930-4788-B052-497E09D48381"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*","matchCriteriaId":"F34AA7F4-6ECE-4FA5-A310-3509648BD7C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*","matchCriteriaId":"57B93E9A-1483-4FF7-BF45-BD0D7D9F1747"},{"vulnerable":true,"criteria":"cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*","matchCriteriaId":"66FD02F3-C1C2-4E1D-98C1-8889004437D4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*","matchCriteriaId":"4824AE2D-462B-477D-9206-3E2090A32146"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*","matchCriteriaId":"92121D8A-529E-454A-BC8D-B6E0017E615D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*","versionEndExcluding":"24.11","matchCriteriaId":"213883D5-9E62-4496-82E3-D5377995C257"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*","matchCriteriaId":"1FB65EF0-0E6A-4178-8564-3CC96891A072"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*","versionEndExcluding":"20250123","matchCriteriaId":"8EBD774C-F48F-45EC-A5DD-B1E56E54EF71"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"12085","Ordinal":"1","Title":"Rsync: info leak via uninitialized stack contents","CVE":"CVE-2024-12085","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"12085","Ordinal":"1","NoteData":"A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.","Type":"Description","Title":"Rsync: info leak via uninitialized stack contents"}]}}}