CVE Vulnerabilities

CVE-2024-12086

Detection of Error Condition Without Action

Published: Jan 14, 2025 | Modified: Feb 26, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
6.1 MODERATE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Ubuntu
MEDIUM

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the clients machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.

Weakness

The product detects a specific error, but takes no actions to handle the error.

Affected Software

Name Vendor Start Version End Version
Rsync Ubuntu devel *
Rsync Ubuntu esm-infra-legacy/trusty *
Rsync Ubuntu esm-infra/bionic *
Rsync Ubuntu esm-infra/xenial *
Rsync Ubuntu focal *
Rsync Ubuntu jammy *
Rsync Ubuntu noble *
Rsync Ubuntu oracular *
Rsync Ubuntu trusty/esm *
Rsync Ubuntu upstream *

Potential Mitigations

References