Cyber Resilience

CVE-2024-12084

Severity: Critical · Public PoC
Published: 15 January 2025
Modified: 03 November 2025
KEV Added: not listed
Patch: vendor errata available (Red Hat RHBA-2025:6470)
CVSS v3.1 Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0488 (89.8th percentile)
Risk Priority: 23 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-12084 is a critical-severity heap-based buffer overflow (CWE-122) in rsync, the file-synchronisation tool maintained under the Samba project. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The flaw ranks in the top 10.2% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a publicly referenced proof of concept.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

A heap-based buffer overflow, tracked as CVE-2024-12084, affects the rsync daemon. The flaw stems from improper handling of the attacker-controlled checksum length (s2length): the value is only bounded by MAX_DIGEST_LEN, while the per-block sum2 buffer is sized by the fixed SUM_LENGTH of 16 bytes. Wherever MAX_DIGEST_LEN exceeds SUM_LENGTH, a peer can declare a length larger than the buffer and the daemon copies that many bytes into it, producing an out-of-bounds write on the heap. The issue is assigned CWE-122 and CWE-787 and carries a CVSS 3.1 score of 9.8.

An unauthenticated remote attacker can exploit the issue over the network by sending a crafted checksum length to a vulnerable rsync daemon; anonymous read access to a module is sufficient, because the overflow occurs while the daemon, acting as the sender, receives the client's checksum list. Successful exploitation can result in arbitrary code execution, data corruption, or a crash, giving full confidentiality, integrity, and availability impact on the affected host. Upstream fixed the issue in rsync 3.4.0.
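The mechanism described above, as an added illustration that is not rsync's own code: a cut-down model in C of the sender's checksum-receive path. Only the names SUM_LENGTH, MAX_DIGEST_LEN, sum2 and s2length come from the advisory text; the struct layout, the wire-header helpers, the numeric value of MAX_DIGEST_LEN and the canary technique are assumptions made for the demo. The vulnerable check accepts any s2length up to MAX_DIGEST_LEN, the hardened check additionally requires the length to fit sum2, and the receive function reports how many bytes beyond the record an accepted length overwrites.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Names follow rsync's; the numeric values are assumptions for this demo.
 * The page gives SUM_LENGTH as 16. MAX_DIGEST_LEN depends on the hash
 * support rsync is built with and is simply taken as 64 here. */
#define SUM_LENGTH     16
#define MAX_DIGEST_LEN 64
#define CANARY_LEN     64   /* bytes placed after the record to observe spill-over */

/* Simplified per-block checksum record, modelled on rsync's struct sum_buf. */
struct sum_buf {
    uint32_t      sum1;              /* weak rolling checksum            */
    int32_t       len;               /* block length                     */
    unsigned char sum2[SUM_LENGTH];  /* strong checksum: fixed 16 bytes  */
};

/* Checksum header as it appears on the wire: four little-endian int32s. */
struct sum_head { int32_t count, blength, s2length, remainder; };

static int32_t rd_le32(const unsigned char *p)
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

static void wr_le32(unsigned char *p, int32_t v)
{
    uint32_t u = (uint32_t)v;
    p[0] = u & 0xff; p[1] = (u >> 8) & 0xff;
    p[2] = (u >> 16) & 0xff; p[3] = (u >> 24) & 0xff;
}

static void parse_sum_head(const unsigned char *hdr, struct sum_head *h)
{
    h->count     = rd_le32(hdr);
    h->blength   = rd_le32(hdr + 4);
    h->s2length  = rd_le32(hdr + 8);
    h->remainder = rd_le32(hdr + 12);
}

/* Vulnerable check: s2length is bounded only by MAX_DIGEST_LEN, so a peer
 * may declare up to 64 bytes of strong checksum although sum2 holds 16. */
int s2length_ok_vulnerable(int32_t s2length)
{
    return s2length >= 0 && s2length <= MAX_DIGEST_LEN;
}

/* Hardened check: the declared length must also fit the destination field. */
int s2length_ok_fixed(int32_t s2length)
{
    return s2length >= 0 && s2length <= MAX_DIGEST_LEN
        && (size_t)s2length <= sizeof(((struct sum_buf *)0)->sum2);
}

/* Receive one block's strong checksum into a heap record, the way rsync's
 * sender fills sums[i].sum2 with read_buf(f, sums[i].sum2, s2length).
 * The record is followed by CANARY_LEN bytes of 0xAA in the same allocation,
 * so an oversized copy stays inside memory we own (no undefined behaviour)
 * while its spill-over remains measurable. Returns the number of canary
 * bytes overwritten: 0 means the copy stayed within sum2. */
size_t receive_one_sum(const unsigned char *hdr, const unsigned char *payload,
                       int (*check)(int32_t))
{
    struct sum_head h;
    parse_sum_head(hdr, &h);

    size_t rec = sizeof(struct sum_buf);
    unsigned char *blob = malloc(rec + CANARY_LEN);
    if (!blob) abort();
    memset(blob, 0, rec);
    memset(blob + rec, 0xAA, CANARY_LEN);

    if (check(h.s2length))  /* the only guard between the peer and the heap */
        memcpy(blob + offsetof(struct sum_buf, sum2), payload, (size_t)h.s2length);

    size_t clobbered = 0;
    for (size_t i = 0; i < CANARY_LEN; i++)
        if (blob[rec + i] != 0xAA) clobbered++;
    free(blob);
    return clobbered;
}

/* Constructed input: a header declaring one 700-byte block with the given
 * s2length, and a payload of 'A' bytes (chosen to differ from the canary). */
size_t demo_overflow(int32_t s2length, int use_fix)
{
    unsigned char hdr[16];
    unsigned char payload[MAX_DIGEST_LEN];
    wr_le32(hdr, 1); wr_le32(hdr + 4, 700);
    wr_le32(hdr + 8, s2length); wr_le32(hdr + 12, 0);
    memset(payload, 'A', sizeof payload);
    return receive_one_sum(hdr, payload,
                           use_fix ? s2length_ok_fixed : s2length_ok_vulnerable);
}

int main(void)
{
    printf("s2length=16, vulnerable check: %zu bytes past sum2\n", demo_overflow(16, 0));
    printf("s2length=20, vulnerable check: %zu bytes past sum2\n", demo_overflow(20, 0));
    printf("s2length=64, vulnerable check: %zu bytes past sum2\n", demo_overflow(64, 0));
    printf("s2length=64, fixed check:      %zu bytes past sum2\n", demo_overflow(64, 1));
    return 0;
}
```

With the vulnerable check, a declared length of 20 (a SHA-1-sized digest) already spills 4 bytes past the record and 64 spills 48; with the hardened check both are rejected before any copy. The point to carry into code review is that the accepted range of a length field has to be derived from the destination buffer, not from the largest value the protocol can name.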

Red Hat has published advisory RHBA-2025:6470 and a corresponding CVE entry that direct users to apply the available errata packages. Additional details appear in the Red Hat Bugzilla entry, CERT VU#952657, and the oss-security mailing list posting from January 2025.

The EPSS score is low in absolute terms, currently 0.0488 (peak 0.0507), although that still places the CVE at the 89.8th percentile of all scored vulnerabilities.

Vulnerability details

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

CWE(s)

CWE-122 Heap-based Buffer Overflow
CWE-787 Out-of-bounds Write

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The heap buffer overflow in the rsync daemon gives an anonymous client remote code execution on the server, which maps to exploitation for initial access, privilege escalation, and lateral movement (T1190, T1068, T1210). T1005 reflects a related file-leak flaw fixed in the same rsync release, which lets a malicious server collect arbitrary files from a client's local system; it is not an effect of this overflow on its own.

CVEs Like This One

CVE-2024-12088 · Same product: AlmaLinux
CVE-2024-12087 · Same product: AlmaLinux
CVE-2024-12085 · Same product: AlmaLinux
CVE-2025-62799 · Shared CWE-122, CWE-787
CVE-2025-57709 · Shared CWE-122, CWE-787
CVE-2023-4911 · Same product: Red Hat Enterprise Linux
CVE-2026-5187 · Shared CWE-122, CWE-787
CVE-2025-54574 · Shared CWE-122, CWE-787
CVE-2026-21236 · Shared CWE-122, CWE-787
CVE-2026-21245 · Shared CWE-122, CWE-787

Affected Assets

Vendor / product: versions
samba / rsync: 3.2.7, 3.3.0
almalinux / almalinux: 10.0
archlinux / arch linux: all versions
gentoo / linux: all versions
nixos / nixos: 24.11 · ≤ 24.11
novell / suse linux: all versions
tritondatacenter / smartos: ≤ 20250123
redhat / enterprise linux: 10.0

Mitigating Controls (NIST 800-53 r5) [AI]

SI-2 Flaw Remediation (prevent)

Timely flaw remediation directly addresses the heap-based buffer overflow in the rsync daemon: apply the vendor patches, such as Red Hat errata RHBA-2025:6470 or rsync 3.4.0 upstream, to eliminate the vulnerability.

SI-16 Memory Protection (prevent)

Memory protection mechanisms such as heap isolation and address-space randomization raise the cost of turning the out-of-bounds write in the sum2 buffer into code execution; they do not remove the flaw.

SI-10 Information Input Validation (prevent)

Information input validation enforces bounds checking on attacker-controlled checksum lengths such as s2length so that they cannot exceed the fixed SUM_LENGTH of the destination buffer.
