ГлавнаяУязвимости → CVE-2024-12085
7.5высокая

CVE-2024-12085

→ есть в БДУ: BDU:2025-00376 (на русском)
Описание (на английском; русское — в БДУ выше)

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Затрагиваемое ПО
Samba RsyncRedhat OpenshiftRedhat Openshift container platformRedhat Enterprise linuxRedhat Enterprise linux eusRedhat Enterprise linux for arm 64Redhat Enterprise linux for arm 64 eusRedhat Enterprise linux for ibm z systemsRedhat Enterprise linux for ibm z systems eusRedhat Enterprise linux for power little endianRedhat Enterprise linux for power little endian eusRedhat Enterprise linux serverRedhat Enterprise linux server ausRedhat Enterprise linux server for power little endian update services for sap solutionsRedhat Enterprise linux server tusRedhat Enterprise linux update services for sap solutionsAlmalinux AlmalinuxArchlinux Arch linuxGentoo LinuxNixos NixosSuse Suse linuxTritondatacenter Smartos
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://access.redhat.com/errata/RHBA-2025:6470https://access.redhat.com/errata/RHSA-2025:0324https://access.redhat.com/errata/RHSA-2025:0325https://access.redhat.com/errata/RHSA-2025:0637https://access.redhat.com/errata/RHSA-2025:0688https://access.redhat.com/errata/RHSA-2025:0714https://access.redhat.com/errata/RHSA-2025:0774https://access.redhat.com/errata/RHSA-2025:0787