CVE-2024-12086

MEDIUM

rsync < 3.3.0 - Arbitrary File Read via Checksum Manipulation


Description

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file on the client's machine. The issue occurs when files are being copied from a client to a server. During this process, the rsync server sends checksums of its local data to the client, which compares them against the file it is sending in order to determine which data needs to be transferred. By sending specially constructed checksum values for arbitrary files, an attacker controlling the server may be able to reconstruct the contents of those files byte by byte from the client's responses.

References (9)

Third Party Advisory: https://kb.cert.org/vuls/id/952657
Third Party Advisory, US Government Resource: https://www.kb.cert.org/vuls/id/952657
Vendor Advisory (vendor-advisory, x_refsource_redhat), RHBA-2025:6470: https://access.redhat.com/errata/RHBA-2025:6470
Third Party Advisory (vdb-entry, x_refsource_redhat): https://access.redhat.com/security/cve/CVE-2024-12086
Issue Tracking, Third Party Advisory (issue-tracking, x_refsource_redhat): https://bugzilla.redhat.com/show_bug.cgi?id=2330577
Vendor Advisory (vendor-advisory, x_refsource_redhat), RHSA-2026:19368: https://access.redhat.com/errata/RHSA-2026:19368

Scores

CVSS v3 6.1
EPSS 0.0122
EPSS Percentile 79.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-390
Status published
Products (22)
almalinux/almalinux 8.0
almalinux/almalinux 9.0
almalinux/almalinux 10.0
archlinux/arch_linux
gentoo/linux
nixos/nixos < 24.11
Red Hat/Red Hat Enterprise Linux 10 0:3.4.1-2.el10
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
... and 12 more
Published Jan 14, 2025
Tracked Since Feb 18, 2026