A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Weakness
The product uses or accesses a resource that has not been initialized.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rsync | Samba | * | 3.3.0 (excluding) |
| Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | RedHat | rsync-0:3.0.6-12.el6_10.1 | * |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | rsync-0:3.1.2-12.el7_9.1 | * |
| Red Hat Enterprise Linux 8 | RedHat | rsync-0:3.1.3-20.el8_10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | rsync-0:3.1.3-7.el8_2.3 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | rsync-0:3.1.3-12.el8_4.3 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | rsync-0:3.1.3-12.el8_4.3 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | rsync-0:3.1.3-12.el8_4.3 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | rsync-0:3.1.3-14.el8_6.6 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | rsync-0:3.1.3-14.el8_6.6 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | rsync-0:3.1.3-14.el8_6.6 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | rsync-0:3.1.3-20.el8_8.1 | * |
| Red Hat Enterprise Linux 9 | RedHat | rsync-0:3.2.3-20.el9_5.1 | * |
| Red Hat Enterprise Linux 9 | RedHat | rsync-0:3.2.3-20.el9_5.1 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | rsync-0:3.2.3-9.el9_0.3 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | rsync-0:3.2.3-19.el9_2.1 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | rsync-0:3.2.3-19.el9_4.1 | * |
| Red Hat OpenShift Container Platform 4.12 | RedHat | rhcos-412.86.202502100314-0 | * |
| Red Hat OpenShift Container Platform 4.13 | RedHat | rhcos-413.92.202503112237-0 | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | rhcos-414.92.202502111902-0 | * |
| Red Hat OpenShift Container Platform 4.15 | RedHat | rhcos-415.92.202501281917-0 | * |
| Red Hat OpenShift Container Platform 4.16 | RedHat | openshift4/ose-ansible-rhel9-operator:v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9 | * |
| Red Hat OpenShift Container Platform 4.16 | RedHat | openshift4/ose-helm-rhel9-operator:v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9 | * |
| Red Hat OpenShift Container Platform 4.16 | RedHat | openshift4/ose-operator-sdk-rhel9:v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9 | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | rhcos-417.94.202502051822-0 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/cluster-logging-operator-bundle:v5.8.17-22 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/cluster-logging-rhel9-operator:v5.8.17-10 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/elasticsearch6-rhel9:v6.8.1-454 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/elasticsearch-operator-bundle:v5.8.17-17 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-537 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/elasticsearch-rhel9-operator:v5.8.17-4 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/eventrouter-rhel9:v0.4.0-339 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/fluentd-rhel9:v5.8.17-4 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-320 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/logging-curator5-rhel9:v5.8.1-552 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/logging-loki-rhel9:v3.3.2-9 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/logging-view-plugin-rhel9:v5.8.17-5 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/loki-operator-bundle:v5.8.17-12 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/loki-rhel9-operator:v5.8.17-5 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/lokistack-gateway-rhel9:v0.1.0-725 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/opa-openshift-rhel9:v0.1.0-342 | * |
| RHOL-5.8-RHEL-9 | RedHat | openshift-logging/vector-rhel9:v0.28.1-88 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/cluster-logging-operator-bundle:v5.9.11-25 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/cluster-logging-rhel9-operator:v5.9.11-11 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/eventrouter-rhel9:v0.4.0-340 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/fluentd-rhel9:v5.9.11-5 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-321 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/logging-loki-rhel9:v3.3.2-8 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/logging-view-plugin-rhel9:v5.9.11-6 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/loki-operator-bundle:v5.9.11-9 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/loki-rhel9-operator:v5.9.11-4 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/lokistack-gateway-rhel9:v0.1.0-724 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/opa-openshift-rhel9:v0.1.0-341 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/vector-rhel9:v0.34.1-30 | * |
| Compliance Operator 1 | RedHat | compliance/openshift-compliance-must-gather-rhel8:sha256:9131ef184c616ec8a2aee2781dfe0c083463a9bfbdfaf59028bd5f626a9eb676 | * |
| Rsync | Ubuntu | devel | * |
| Rsync | Ubuntu | esm-infra-legacy/trusty | * |
| Rsync | Ubuntu | esm-infra/bionic | * |
| Rsync | Ubuntu | esm-infra/focal | * |
| Rsync | Ubuntu | esm-infra/xenial | * |
| Rsync | Ubuntu | focal | * |
| Rsync | Ubuntu | jammy | * |
| Rsync | Ubuntu | noble | * |
| Rsync | Ubuntu | oracular | * |
| Rsync | Ubuntu | trusty/esm | * |
| Rsync | Ubuntu | upstream | * |
Potential Mitigations
References
- https://access.redhat.com/errata/RHSA-2025:0324
- https://access.redhat.com/errata/RHSA-2025:0325
- https://access.redhat.com/errata/RHSA-2025:0637
- https://access.redhat.com/errata/RHSA-2025:0688
- https://access.redhat.com/errata/RHSA-2025:0714
- https://access.redhat.com/errata/RHSA-2025:0774
- https://access.redhat.com/errata/RHSA-2025:0787
- https://access.redhat.com/errata/RHSA-2025:0790
- https://access.redhat.com/errata/RHSA-2025:0849
- https://access.redhat.com/errata/RHSA-2025:0884
- https://access.redhat.com/errata/RHSA-2025:0885
- https://access.redhat.com/errata/RHSA-2025:1120
- https://access.redhat.com/errata/RHSA-2025:1123
- https://access.redhat.com/errata/RHSA-2025:1128
- https://access.redhat.com/errata/RHSA-2025:1225
- https://access.redhat.com/errata/RHSA-2025:1227
- https://access.redhat.com/errata/RHSA-2025:1242
- https://access.redhat.com/errata/RHSA-2025:1451
- https://access.redhat.com/errata/RHSA-2025:21885
- https://access.redhat.com/errata/RHSA-2025:2701
- https://access.redhat.com/security/cve/CVE-2024-12085
- https://bugzilla.redhat.com/show_bug.cgi?id=2330539
- https://kb.cert.org/vuls/id/952657
- https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
- https://security.netapp.com/advisory/ntap-20250131-0002/
- https://www.kb.cert.org/vuls/id/952657
- https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj