USN-7206-3 — Vulnetix

USN-7206-3 PUBLISHED

rsync vulnerabilities

Affected Products

Vendor	Product	Versions
Ubuntu:24.10	rsync	0, 3.3.0-1, 0

Exploit Intelligence

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. (github-poc-repo)
A easy poc for CVE-2024-12084. (github-poc-repo)
A easy poc for CVE-2024-12084. (github-poc)
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. (github-poc)
themirze/cve-2024-12084 (github-poc)

Timeline

Jan 28, 2025 CVE Published
Mar 4, 2026 Distribution Patch
Mar 4, 2026 Security Advisory

References

https://ubuntu.com/security/CVE-2024-12747 advisory
https://ubuntu.com/security/notices/USN-7206-3 advisory
https://ubuntu.com/security/CVE-2024-12084 advisory
https://ubuntu.com/security/CVE-2024-12085 advisory
https://ubuntu.com/security/CVE-2024-12086 advisory
https://ubuntu.com/security/CVE-2024-12087 advisory
https://ubuntu.com/security/CVE-2024-12088 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›