CVE-2024-12084
Published: 15 January 2025
Summary
CVE-2024-12084 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Samba Rsync. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 10.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-12084 is a heap-based buffer overflow in the rsync daemon. The daemon accepts the strong-checksum length (s2length) from the client and bounds it only against MAX_DIGEST_LEN, but the sum2 buffer the checksum is copied into has a fixed size of SUM_LENGTH (16 bytes). Because MAX_DIGEST_LEN is larger than SUM_LENGTH, an attacker-chosen s2length between 16 and MAX_DIGEST_LEN passes validation and the copy writes past the end of sum2. The flaw is classified as CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write) and carries a CVSS 3.1 base score of 9.8.
An unauthenticated remote attacker exploits the issue over the network by sending a crafted checksum length value to a vulnerable rsync daemon; no credentials are needed beyond the ability to connect as a client, which anonymous public mirrors allow by design. Successful exploitation can result in arbitrary code execution, data corruption, or a crash, giving the attacker full confidentiality, integrity, and availability impact on the affected host.
Red Hat has published advisory RHBA-2025:6470 and a corresponding CVE entry that direct users to apply the available errata packages. Additional details appear in the Red Hat Bugzilla entry, CERT VU#952657, and the oss-security mailing list posting from January 2025.
The associated EPSS score remains low: currently 0.0488, with a peak of 0.0507.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50580
Vulnerability details
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
- CWE(s): CWE-122 (Heap-based Buffer Overflow), CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The heap buffer overflow, together with the related rsync daemon flaws disclosed alongside it, enables remote code execution on servers reachable via anonymous client access (T1068, T1190, T1210); the companion file-leak vulnerability enables collection of arbitrary data from clients' local systems (T1005).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Timely patching removes the heap-based buffer overflow from the rsync daemon; apply vendor errata such as RHBA-2025:6470 or the fixed upstream release (rsync 3.4.0). Until the patch is in place, restricting network access to the daemon (TCP port 873 by default) reduces exposure.
- SI-16 (Memory Protection): Memory protection mechanisms such as heap isolation, ASLR, and hardened allocators raise the cost of turning the out-of-bounds write in the sum2 buffer into code execution, but they do not remove the flaw and should not be treated as a substitute for patching.
- SI-10 (Information Input Validation): Input validation must bound the attacker-controlled checksum length (s2length) by the capacity of the buffer it is copied into, not merely by MAX_DIGEST_LEN; any value larger than the fixed SUM_LENGTH must be rejected before the copy.
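The C program below is an added illustration written for this page; it is neither rsync's code nor the upstream patch. It models the flawed validation described in the Deeper analysis section (s2length checked only against MAX_DIGEST_LEN, then copied into a SUM_LENGTH-byte sum2) beside the kind of bounds check the SI-10 control above calls for. The struct layout, the constant values, the little-endian toy wire format, the helper names, and the xfer_sum_len parameter name are all assumptions. So that the demonstration itself stays memory-safe, the flawed path clamps its copy and returns the number of bytes it would have written past sum2 instead of actually overrunning the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Names taken from the advisory text; the values are assumptions for this
 * demonstration and are not copied from rsync's headers. */
#define SUM_LENGTH     16   /* capacity of the fixed strong-checksum buffer sum2 */
#define MAX_DIGEST_LEN 64   /* longest digest the daemon can be asked to handle  */

/* Simplified stand-in for a per-block checksum record (assumed layout). */
struct sum_buf {
    uint32_t      sum1;               /* weak rolling checksum */
    unsigned char sum2[SUM_LENGTH];   /* strong checksum, fixed capacity */
};

enum { SUM_OK = 0, SUM_ERR_LENGTH = -1, SUM_ERR_SHORT = -2 };

/* Toy wire format (constructed for this example): little-endian int32
 * s2length followed by s2length bytes of strong checksum. */
static int32_t read_le32(const unsigned char *p)
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Flawed pattern: s2length is bounded only by MAX_DIGEST_LEN, so any value in
 * (SUM_LENGTH, MAX_DIGEST_LEN] passes validation although the destination
 * holds just SUM_LENGTH bytes. In the vulnerable pattern the memcpy would copy
 * s2length bytes and overrun sum2; here the copy is clamped and the overrun is
 * reported instead. Returns >0 (bytes past sum2), 0 (in bounds), <0 (rejected). */
int read_sum_flawed(const unsigned char *msg, size_t msg_len, struct sum_buf *out)
{
    if (msg_len < 4) return SUM_ERR_SHORT;
    int32_t s2length = read_le32(msg);
    if (s2length < 0 || s2length > MAX_DIGEST_LEN)   /* the only length check */
        return SUM_ERR_LENGTH;
    if (msg_len - 4 < (size_t)s2length) return SUM_ERR_SHORT;

    size_t overrun = (size_t)s2length > SUM_LENGTH ? (size_t)s2length - SUM_LENGTH : 0;
    memcpy(out->sum2, msg + 4, (size_t)s2length - overrun); /* vulnerable code: copies s2length */
    return (int)overrun;
}

/* Hardened pattern: bound s2length by the capacity of the buffer it is copied
 * into and by the length the negotiated checksum algorithm actually produces
 * (xfer_sum_len, an assumed name). Anything else is a protocol error and is
 * rejected before any copy takes place. */
int read_sum_hardened(const unsigned char *msg, size_t msg_len,
                      size_t xfer_sum_len, struct sum_buf *out)
{
    if (xfer_sum_len > sizeof out->sum2) return SUM_ERR_LENGTH; /* never trust the configured length either */
    if (msg_len < 4) return SUM_ERR_SHORT;
    int32_t s2length = read_le32(msg);
    if (s2length < 0 || (size_t)s2length > xfer_sum_len)
        return SUM_ERR_LENGTH;
    if (msg_len - 4 < (size_t)s2length) return SUM_ERR_SHORT;
    memcpy(out->sum2, msg + 4, (size_t)s2length);
    return SUM_OK;
}

/* Build a constructed message carrying the given s2length and filler bytes.
 * Returns the message length, or 0 if it does not fit in buf. */
size_t make_sum_msg(unsigned char *buf, size_t cap, int32_t s2length, unsigned char fill)
{
    if (s2length < 0) return 0;
    size_t n = 4 + (size_t)s2length;
    if (n > cap) return 0;
    buf[0] = (unsigned char)s2length;         buf[1] = (unsigned char)(s2length >> 8);
    buf[2] = (unsigned char)(s2length >> 16); buf[3] = (unsigned char)(s2length >> 24);
    memset(buf + 4, fill, (size_t)s2length);
    return n;
}

int main(void)
{
    unsigned char msg[4 + MAX_DIGEST_LEN];
    struct sum_buf sb;
    /* A malicious client picks s2length = MAX_DIGEST_LEN, four times sum2's size. */
    size_t n = make_sum_msg(msg, sizeof msg, MAX_DIGEST_LEN, 0x41);
    printf("flawed:   would write %d bytes past sum2\n", read_sum_flawed(msg, n, &sb));
    printf("hardened: rc=%d (rejected before the copy)\n",
           read_sum_hardened(msg, n, SUM_LENGTH, &sb));
    return 0;
}
```

The point of the pairing is which constant the check is tied to: the flawed version validates against the largest digest the protocol can name, while the hardened version validates against the destination buffer and the negotiated digest length, so an oversized s2length is a protocol error rather than a write.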