AZL-55646 — Vulnetix

AZL-55646 PUBLISHED CVSS 9.300000190734863 CRITICAL

CVE-2024-12084 affecting package rsync for versions less than 3.4.1-1

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Azure Linux:2	rsync	0

Exploit Intelligence

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. (github-poc-repo)
A easy poc for CVE-2024-12084. (github-poc-repo)
A easy poc for CVE-2024-12084. (github-poc)
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. (github-poc)
themirze/cve-2024-12084 (github-poc)

Timeline

Jan 15, 2025 CVE Published
Apr 21, 2026 CVE Updated

References

https://nvd.nist.gov/vuln/detail/CVE-2024-12084 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›