CVE-2024-12086

MEDIUM

rsync < 3.3.0 - Arbitrary File Read via Checksum Manipulation

Title source: llm
STIX 2.1

Description

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.

References (11)

Core 11
Core References
Third Party Advisory
https://kb.cert.org/vuls/id/952657
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:29197
Vendor Advisory vendor-advisory x_refsource_redhat
RHBA-2025:6470
https://access.redhat.com/errata/RHBA-2025:6470
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-12086
Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2330577
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/952657
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:19368
https://access.redhat.com/errata/RHSA-2026:19368
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20603
https://access.redhat.com/errata/RHSA-2026:20603

Scores

CVSS v3 6.1
EPSS 0.0176
EPSS Percentile 75.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-390
Status published
Products (25)
almalinux/almalinux 8.0
almalinux/almalinux 9.0
almalinux/almalinux 10.0
archlinux/arch_linux
gentoo/linux
nixos/nixos < 24.11
Red Hat/Red Hat Discovery 2 1782166952
Red Hat/Red Hat Enterprise Linux 10 0:3.4.1-2.el10
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
... and 15 more
Published Jan 14, 2025
Tracked Since Feb 18, 2026