CVE-2024-12084

CRITICAL

rsync - Heap-based Buffer Overflow via Checksum Length Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-12084. PoCs published by themirze, InkeyP, rxerium.

AI-analyzed exploit summary This script scans for Rsync services on a list of IPs and tests for write permissions in accessible modules. It does not exploit CVE-2024-12084 but checks for conditions that might indicate vulnerability.

Description

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

Exploits (3)

nomisec SCANNER 4 stars
by themirze · poc
https://github.com/themirze/cve-2024-12084

This script scans for Rsync services on a list of IPs and tests for write permissions in accessible modules. It does not exploit CVE-2024-12084 but checks for conditions that might indicate vulnerability.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Rsync (version not specified)
Auth required
Prerequisites: List of target IPs · Rsync password file · Network access to port 873
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by InkeyP · poc
https://github.com/InkeyP/CVE-2024-12084

This repository contains a functional exploit PoC for CVE-2024-12084, targeting a vulnerability in rsync. The exploit demonstrates a complex interaction with the rsync daemon, including handshake negotiation, file list parsing, and multiplexing to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: rsync (version not explicitly specified, but likely 3.2.7 or earlier)
No auth needed
Prerequisites: Network access to the rsync daemon · rsync daemon running with vulnerable configuration
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec SCANNER
by rxerium · poc
https://github.com/rxerium/CVE-2024-12084

This repository contains a Nuclei template for detecting rsync servers vulnerable to CVE-2024-12084 by checking the protocol version (31.0). It does not include exploit code but provides a detection method based on version mapping.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: rsync daemon <= 3.2.7
No auth needed
Prerequisites: Network access to rsync port (873)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory
https://kb.cert.org/vuls/id/952657
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/01/14/6
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/952657
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHBA-2025:6470
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-12084
Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2330527

Scores

CVSS v3 9.8
EPSS 0.7185
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-122 CWE-787
Status published
Products (10)
almalinux/almalinux 10.0
archlinux/arch_linux
gentoo/linux
nixos/nixos 24.11
nixos/nixos < 24.11
novell/suse_linux
redhat/enterprise_linux 10.0
samba/rsync 3.2.7
samba/rsync 3.3.0
tritondatacenter/smartos < 20250123
Published Jan 15, 2025
Tracked Since Feb 18, 2026