What is CVE-2024-12085?

CVE-2024-12085 is a high-severity vulnerability in Archlinux Arch_linux, classified under Use of Uninitialized Resource. CVSS score: 7.5/10. Published 2025-01-14.

How severe is CVE-2024-12085?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2024-12085 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Archlinux Arch_linux

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one…

EPSS: 0.094 (94.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Archlinux Arch_linux
Gentoo Linux
Nixos
Samba Rsync
Tritondatacenter Smartos
Almalinux — versions 8.0, 9.0, 10.0
Red Hat Openshift Compliance Operator 1 — versions sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498
Red Hat Enterprise Linux 10 — versions 0:3.4.1-2.el10
Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension — versions 0:3.0.6-12.el6_10.1
Red Hat Enterprise Linux 7 Extended Lifecycle Support — versions 0:3.1.2-12.el7_9.1

Weakness classification (CWE)

CWE-908 — Use of Uninitialized Resource

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2024-12085?: CVE-2024-12085 is a high-severity vulnerability in Archlinux Arch_linux, classified under Use of Uninitialized Resource. CVSS score: 7.5/10. Published 2025-01-14.
How severe is CVE-2024-12085?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2024-12085 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.