Rsync Security Update Advisory

Overview

We have released a security update to address vulnerabilities in Rsync. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2024-12084, CVE-2024-12085

Rsync versions: up to and including 3.3.0

Resolved Vulnerabilities

Heap buffer overflow vulnerability in Rsync due to improper checksum length handling (CVE-2024-12084)
Information leak vulnerability via uninitialized stack contents (CVE-2024-12085)

Vulnerability Patches

Patches for these vulnerabilities are available in the latest update. Please follow the instructions on the referenced sites to update to the latest patched version.

CVE-2024-12084, CVE-2024-12085

Rsync version: 3.4.0 or later
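
A version check for the ranges listed above, added here as an example and not part of the original advisory: it parses the first line of `rsync --version` output and compares it numerically against 3.4.0. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify rsync builds against the advisory's version ranges.
FIXED="3.4.0"   # first fixed release named in the advisory

# Extract "X.Y.Z" from the first line of `rsync --version` output, e.g.
# "rsync  version 3.2.7  protocol version 31". A leading "v" and suffixes
# such as "pre1" are dropped.
parse_rsync_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^rsync  *version  *v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 if version $1 is strictly lower than version $2. Fields are
# compared as numbers, so 3.10.1 sorts above 3.4.0.
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # $1 $2 $3 = left version, $4 $5 $6 = right version
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Print "affected X.Y.Z", "fixed X.Y.Z" or "unknown" for one version banner.
classify_rsync() {
    ver=$(parse_rsync_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED"; then
        echo "affected $ver"
    else
        echo "fixed $ver"
    fi
}

# Constructed sample banners, followed by the local binary if one is installed.
for banner in "rsync  version 3.2.7  protocol version 31" \
              "rsync  version 3.3.0  protocol version 31" \
              "rsync  version 3.4.0  protocol version 32"; do
    classify_rsync "$banner"
done
if command -v rsync >/dev/null 2>&1; then
    echo "local: $(classify_rsync "$(rsync --version 2>/dev/null)")"
fi
```

Distribution packages can carry backported fixes under an older upstream version number, so confirm an "affected" result against the vendor's package changelog before treating the host as unpatched.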

 

References

[1] Rsync Buffer Overflow and Information Disclosure Vulnerability (CVE-2024-12084/CVE-2024-12085) Notification
https://nsfocusglobal.com/rsync-buffer-overflow-and-information-disclosure-vulnerability-cve-2024-12084-cve-2024-12085-notification/