CVERadar

CVE-2024-12084

Medium Severity
SVRS
36/100

CVSSv3
9.8/10

EPSS
0.07525/1

CVE-2024-12084: rsync daemon heap-based buffer overflow. A flaw was found in how the rsync daemon handles checksum lengths supplied by a remote peer. The s2length value (the length of the strong per-block checksum sent by the other side) is not validated against the size of the sum2 buffer that receives it: the daemon only checks it against MAX_DIGEST_LEN, the largest digest rsync can produce, and because MAX_DIGEST_LEN exceeds SUM_LENGTH, the size of sum2, a length that passes that check can still overrun the heap buffer. The CVSS score is 9.8, while the SOCRadar Vulnerability Risk Score (SVRS) shown here is 36, indicating lower observed real-world risk than the CVSS score alone suggests. Successful exploitation can crash the daemon (denial of service) or potentially achieve arbitrary code execution with the daemon's privileges. Organizations running rsync daemons should upgrade and restrict daemon exposure. rsync's wide use for backups, mirroring and data synchronization makes exposed daemons an attractive target.

Tags: In The Wild, X_refsource_REDHAT, Vdb-entry, Issue-tracking
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2025-02-27

2025-01-15

SOCRadar AI Insight

Description

CVE-2024-12084 is a critical heap-based buffer overflow in the rsync daemon. The daemon accepts an attacker-supplied strong-checksum length (s2length) without checking it against the size of the sum2 buffer the checksum is copied into, so a malicious peer can write past the end of that heap allocation.

SVRS: 91 is the value quoted in this insight; the page header above reports 36/100 (Medium). The two SOCRadar scores do not agree, so prioritize on the CVSS 9.8 vector (network-reachable, no privileges, no user interaction) and on the public proof-of-concept status reported in the News section below.
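The description above, like the summary at the top of the page, comes down to one comparison: s2length is checked only against MAX_DIGEST_LEN while the destination sum2 buffer is SUM_LENGTH bytes. The following C program is an illustration added for this page, not rsync's source. It models the pre-fix check next to a hardened form that also requires the length to fit the destination and to match the digest length negotiated for the transfer (the `xfer_sum_len` parameter is my name for that value). The struct layout, the 16-byte little-endian sum header and the field names are simplifying assumptions, the input is constructed, and the copy is clamped so the demonstration itself never corrupts memory.

```c
/* Model of the CVE-2024-12084 bounds check (illustration, not rsync code). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SUM_LENGTH      16   /* size of the per-block sum2 buffer (MD4/MD5 width) */
#define MAX_DIGEST_LEN  64   /* largest digest rsync can produce (SHA-512) */

/* One block-checksum entry as the receiving side stores it (assumed layout). */
struct sum_buf {
    uint32_t sum1;               /* rolling checksum, unused here */
    char     sum2[SUM_LENGTH];   /* strong checksum: fixed 16-byte buffer */
};

/* Sum header from the peer: four little-endian int32 fields (assumed layout). */
struct sum_head {
    int32_t count;      /* number of blocks */
    int32_t blength;    /* block length */
    int32_t s2length;   /* attacker-controlled strong-checksum length */
    int32_t remainder;
};

static int32_t rd_le32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Parse the 16-byte header. Returns 0 on success, -1 if the input is too short. */
int parse_sum_head(const uint8_t *wire, size_t len, struct sum_head *h) {
    if (len < 16) return -1;
    h->count     = rd_le32(wire);
    h->blength   = rd_le32(wire + 4);
    h->s2length  = rd_le32(wire + 8);
    h->remainder = rd_le32(wire + 12);
    return 0;
}

/* Pre-fix shape of the check: only the digest ceiling is enforced, so any
 * s2length in (SUM_LENGTH, MAX_DIGEST_LEN] is accepted and the later read of
 * s2length bytes into sum2 overruns the heap object. Returns 1 if accepted. */
int s2length_accepted_vulnerable(int32_t s2length) {
    return !(s2length < 0 || s2length > MAX_DIGEST_LEN);
}

/* Hardened check: the length must also fit the destination buffer and must
 * not exceed the digest length negotiated for this transfer. */
int s2length_accepted_fixed(int32_t s2length, size_t dst_capacity, int xfer_sum_len) {
    if (s2length < 0 || s2length > MAX_DIGEST_LEN) return 0;
    if ((size_t)s2length > dst_capacity) return 0;
    if (s2length > xfer_sum_len) return 0;
    return 1;
}

/* Simulates "read s2length bytes into sum2" and reports whether that write
 * would run past the end of sum2. The copy is clamped to the buffer size. */
int would_overflow_sum2(const struct sum_head *h, struct sum_buf *dst,
                        const uint8_t *payload, size_t payload_len) {
    size_t n = (size_t)h->s2length;
    if (payload_len < n) n = payload_len;
    memcpy(dst->sum2, payload, n < sizeof dst->sum2 ? n : sizeof dst->sum2);
    return (size_t)h->s2length > sizeof dst->sum2;
}

/* Builds a constructed header carrying the given s2length and runs both checks.
 * Result bits: 1 = vulnerable check accepts, 2 = fixed check accepts,
 * 4 = the copy would overflow sum2. Negotiated digest is assumed to be MD5 (16). */
int evaluate_s2length(int32_t s2length) {
    uint8_t wire[16];
    uint8_t payload[MAX_DIGEST_LEN];
    struct sum_head h;
    struct sum_buf blk;
    int result = 0;

    wr_le32(wire, 1);                    /* count */
    wr_le32(wire + 4, 700);              /* blength */
    wr_le32(wire + 8, (uint32_t)s2length);
    wr_le32(wire + 12, 0);               /* remainder */
    memset(payload, 'A', sizeof payload);
    memset(&blk, 0, sizeof blk);

    if (parse_sum_head(wire, sizeof wire, &h) != 0) return -1;
    if (s2length_accepted_vulnerable(h.s2length)) {
        result |= 1;
        if (would_overflow_sum2(&h, &blk, payload, sizeof payload)) result |= 4;
    }
    if (s2length_accepted_fixed(h.s2length, sizeof blk.sum2, SUM_LENGTH)) result |= 2;
    return result;
}

int main(void) {
    int32_t probes[] = {16, 32, 64, 65};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int r = evaluate_s2length(probes[i]);
        printf("s2length=%d: old check %s, fixed check %s, overflow %s\n", (int)probes[i],
               (r & 1) ? "accepts" : "rejects", (r & 2) ? "accepts" : "rejects",
               (r & 4) ? "yes" : "no");
    }
    return 0;
}
```

The interesting window is 17..64: every value there passes the MAX_DIGEST_LEN comparison, yet the copy writes up to 48 bytes beyond a 16-byte heap object. The hardened check closes it by tying the accepted length to the buffer and to the digest actually negotiated, which is also why the upstream build-time mitigation of removing the SHA digests (so MAX_DIGEST_LEN no longer exceeds SUM_LENGTH) works.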

Key Insights

  • High Severity: CVSS 9.8 (AV:N/AC:L/PR:N/UI:N, all three impacts High). The SVRS figures on this page conflict (91 in this insight, 36 in the header).
  • Exploitation Status: This entry carries an "In The Wild" tag, although the Exploits section below lists no exploit record for it. Proof-of-concept code has been published (see the News section), so treat any Internet-reachable rsync daemon as exploitable.
  • Potential for Remote Code Execution: A heap overflow reachable by an unauthenticated network peer can crash the daemon (denial of service) and, with heap grooming, lead to arbitrary code execution with the daemon's privileges, which exposes every module the daemon serves.
  • Wide Impact: rsync daemons are common on backup, mirror and NAS systems, several backup products embed rsync, and the Internet scans cited on this page count hundreds of thousands of exposed daemons.

Mitigation Strategies

  • Immediate Patching: Upgrade to rsync 3.4.0 or later, or to a distribution package that backports the fix (Red Hat tracks it as RHBZ#2330527). If an upgrade is not immediately possible, the upstream advisory on oss-security listed an interim build-time mitigation for this CVE: compile with -DDISABLE_SHA512_DIGEST and -DDISABLE_SHA256_DIGEST, so that MAX_DIGEST_LEN no longer exceeds SUM_LENGTH.
  • Network Segmentation: Do not expose the rsync daemon (TCP 873) to the Internet. Restrict it with hosts allow in rsyncd.conf and firewall rules, require authentication on every module, or serve rsync over SSH instead of the daemon protocol.
  • Intrusion Detection and Prevention: Alert on unexpected child processes of the rsync daemon (the Sysdig Falco rule referenced in the Social Media section takes this approach) and on rsync daemon crashes, which are the likely first sign of exploitation attempts.
  • Vulnerability Scanning: Inventory daemons by their greeting banner (it advertises the protocol version; rsync 3.4.0 moved to protocol 32) and then confirm package versions on the host, because distribution backports of the fix do not change the protocol number.
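The scanning step above relies on the daemon's greeting line, which is the same signal behind the Internet-wide counts quoted in the Social Media section. The C program below is an added example, not rsync's own code or a SOCRadar tool: it parses a greeting of the form "@RSYNCD: <major>.<minor>[ digest list]" (the format rsync's daemon emits; the sample banners are constructed) and turns it into a triage verdict. It treats a sha512 or sha256 entry in the advertised digest list as evidence that the build carries the wide digests that make MAX_DIGEST_LEN exceed SUM_LENGTH; that inference and the protocol-to-version mapping (protocol 32 = rsync 3.4.0 and later) are assumptions to confirm against the installed package, since backported fixes keep the old protocol number.

```c
/* rsync daemon greeting triage for CVE-2024-12084 (added example, not rsync code). */
#include <stdio.h>
#include <string.h>

struct rsync_banner {
    int major;     /* protocol version, e.g. 31 */
    int minor;     /* sub-protocol, e.g. 0 */
    int has_sha;   /* 1 if the greeting advertises sha512 or sha256 */
};

enum {
    RSYNC_BANNER_INVALID = -1,   /* not an rsync daemon greeting */
    RSYNC_PROTO_32_PLUS  = 0,    /* rsync 3.4.0+ protocol: fixed upstream */
    RSYNC_OLD_NO_SHA     = 1,    /* protocol <= 31, no SHA digests advertised */
    RSYNC_OLD_WITH_SHA   = 2     /* protocol <= 31 and SHA digests: overflow window present */
};

/* Parse "@RSYNCD: 31.0 sha512 sha256 md5 md4\n". Returns 0 on success, -1 otherwise. */
int parse_rsync_greeting(const char *line, struct rsync_banner *b) {
    int consumed = 0;
    const char *rest;
    if (line == NULL || strncmp(line, "@RSYNCD: ", 9) != 0) return -1;
    /* "@RSYNCD: EXIT" and similar control lines fail the numeric parse. */
    if (sscanf(line + 9, "%d.%d%n", &b->major, &b->minor, &consumed) != 2) return -1;
    if (b->major < 20 || b->major > 99) return -1;   /* real daemons speak roughly 20..32 */
    rest = line + 9 + consumed;                      /* optional digest list, 3.2.0+ */
    b->has_sha = (strstr(rest, "sha512") != NULL || strstr(rest, "sha256") != NULL);
    return 0;
}

/* Map a greeting to a triage verdict (one of the enum values above). */
int classify_greeting(const char *line) {
    struct rsync_banner b;
    if (parse_rsync_greeting(line, &b) != 0) return RSYNC_BANNER_INVALID;
    if (b.major >= 32) return RSYNC_PROTO_32_PLUS;
    return b.has_sha ? RSYNC_OLD_WITH_SHA : RSYNC_OLD_NO_SHA;
}

static const char *verdict_text(int v) {
    switch (v) {
    case RSYNC_PROTO_32_PLUS: return "protocol 32+: fixed upstream release";
    case RSYNC_OLD_WITH_SHA:  return "protocol <=31 with SHA digests: patch or verify backport";
    case RSYNC_OLD_NO_SHA:    return "protocol <=31, no SHA advertised: confirm package version";
    default:                  return "not an rsync daemon greeting";
    }
}

int main(void) {
    /* Constructed banners: a 3.2.x/3.3.0-style daemon, a 3.4.0-style daemon,
     * a pre-3.2 daemon, a daemon refusing the connection, and an unrelated service. */
    const char *samples[] = {
        "@RSYNCD: 31.0 sha512 sha256 md5 md4\n",
        "@RSYNCD: 32.0 sha512 sha256 md5 md4\n",
        "@RSYNCD: 30.0\n",
        "@RSYNCD: EXIT\n",
        "SSH-2.0-OpenSSH_9.9\n",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40.40s -> %s\n", samples[i], verdict_text(classify_greeting(samples[i])));
    return 0;
}
```

Feed it the first line returned by a TCP connection to port 873; a verdict of 1 or 2 means the host goes on the list to check with the package manager, never straight onto a "vulnerable" report.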

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

VU#952657: Rsync contains six vulnerabilities
cert.org, 2025-05-01
Overview: Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write, --safe-links bypass, and symbolic-link race condition. Description: Many backup programs, such as Rclone, DeltaCopy, and ChronoSync use Rsync as

What's New in Rapid7 Products & Services: Q1 2025 in Review
Margaret Wei, rapid7.com, 2025-04-01
Read on for Q1 2025 release highlights across the Command Platform, from Exposure Command to Managed Threat Complete. At Rapid7, we started off the year focused on delivering new features and advancements across our products and services to bring you the context needed to prioritize exposures, visualize your attack surface, and accelerate incident response. Read on for Q1 2025 release highlights across the Command Platform, from Exposure

Focus Friday: Third-Party Risks In PostgreSQL and Zimbra Vulnerabilities
Ferdi Gül, normshield.com, 2025-04-01
This week's Focus Friday blog highlights two critical vulnerabilities impacting enterprise systems: CVE-2025-1094 in PostgreSQL and CVE-2023-34192 in Zimbra Collaboration Suite (ZCS). These vulnerabilities pose significant risks to third-party ecosystems, potentially leading to SQL injection attacks in PostgreSQL and Cross-Site Scripting (XSS) exploits in Zimbra. As organizations continue to rely on […]

⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists
Ajit Jasrotia, allhackernews.com, 2025-03-03
This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that […]

FOCUS FRIDAY: Third-Party Risks From Critical Juniper Junos, Rsync, and SimpleHelp Vulnerabilities
Ferdi Gül, normshield.com, 2025-03-01
Welcome to this week's Focus Friday, where we dive into key vulnerabilities impacting widely used technologies. This installment highlights three significant incidents that pose unique challenges to third-party risk management (TPRM) teams. From Juniper Junos OS to Rsync and SimpleHelp, we explore how these vulnerabilities affect the security posture of vendors […]

FOCUS FRIDAY: TPRM Insights on FortiGate, QNAP, Mongoose, and W3 Total Cache Vulnerabilities with Black Kite's FocusTags™
Ferdi Gül, normshield.com, 2025-03-01
In today's interconnected digital landscape, the rapid emergence of critical vulnerabilities demands an agile and informed approach to Third-Party Risk Management (TPRM). This week's Focus Friday blog highlights high-profile incidents involving vulnerabilities in FortiGate firewalls, QNAP NAS systems, Mongoose, and the W3 Total Cache WordPress plugin. Each of these vulnerabilities poses […]

Rsync Vulnerabilities Let Hackers Gain Full Control of Servers – PoC Released
Guru Baran, cybersecuritynews.com, 2025-02-26
Critical vulnerabilities in the Rsync file synchronization tool enable attackers to execute arbitrary code on vulnerable servers, exfiltrate sensitive data, and bypass critical security controls. The vulnerabilities affect Rsync version 3.2.7 and earlier, with proof-of-concept exploits already demonstrating remote code execution capabilities. Critical Memory Corruption Vulnerabilities: Heap Buffer Overflow in Checksum Handling (CVE-2024-12084). GitHub reported […]

Social Media

Our defense in depth security strategy is top tier. See how we protected ourselves against CVE-2024-12084 before it was even publicly disclosed with the help of OpenSSF-recommended compiler flags! ⛳️ https://t.co/rhDa7lV52E

🚨 UPDATE: CVE-2024-12084 in rsync 🚨 ℹ️ New details have emerged that could aid exploitation. Sysdig TRT updated their blog with a Falco rule to detect command execution from heap overflow attacks. Read up on the latest findings & mitigation strategies: https://t.co/l9tRJnHqhQ

CVE-2024-12084 & CVE-2024-12085: Rsync Flaws Allow Hackers to Take Over Servers, PoC Published #PoC https://t.co/ogBUaDwN7n

Critical vulnerabilities CVE-2024-12084 & CVE-2024-12085 in Rsync could enable hackers to compromise servers. Proof-of-concept exploits are now public. Admins should update Rsync immediately to mitigate risks. Details: https://t.co/6PmUz8q5Ej

CVE-2024-12084 & CVE-2024-12085: Rsync Flaws Allow Hackers to Take Over Servers, PoC Published. Explore CVE-2024-12084 PoC and learn about critical vulnerabilities in Rsync that could enable remote code execution and data leaks. https://t.co/Wyl3fUY3Cf

A Rapid7 Analysis was added for "CVE-2024-12084". (rsync) https://t.co/49gTXp2piQ

https://t.co/EqK1bD7rKB Detecting and mitigating CVE-2024-12084: rsync remote code execution

508k instances still possibly vulnerable to CVE-2024-12084. We can't detect versions of rsync over the internet, but we can extract protocols, which we can map to versions. Vulnerable: <= 3.2.7 - protocol 31. Unaffected: < 3.4.0 - protocol 32. https://t.co/voch6LN18i https://t.co/sibQqIC0cs

Critical vulnerability in rsync daemon: an in-depth analysis of cve-2024-12084 https://t.co/1rqEZOft5j #CVE-2024-12084 #rsync daemon security #Red Hat vulnerability #heap-based buffer overflow #critical software vulnerabilities #Trending #Tech #News

Six vulnerabilities in Rsync include CVE-2024-12084, a critical heap-based buffer overflow, and CVE-2024-12085, a high-severity checksum flaw. Combined, they allow code execution. Shodan shows 660,000+ exposed Rsync servers. Update immediately.

Affected Software

No affected software found for this CVE

References

Reference | Link
RHBZ#2330527 | https://bugzilla.redhat.com/show_bug.cgi?id=2330527
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2025/01/14/6
[email protected] | https://access.redhat.com/security/cve/CVE-2024-12084
[email protected] | https://bugzilla.redhat.com/show_bug.cgi?id=2330527
[email protected] | https://kb.cert.org/vuls/id/952657

CWE Details

CWE ID | CWE Name | Description
CWE-122 | Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
