CVE-2024-12086

🗓️ 14 Jan 2025 17:37:54Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 139 Views

Rsync server allows arbitrary client file leakage through specially crafted checksum values.

Reporter	Title	Published	Views	Family All 208
FreeBSD	rsync -- Multiple security fixes	14 Jan 202500:00	–	freebsd
ATTACKERKB	CVE-2024-12086	14 Jan 202518:15	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2025-800)	14 Jan 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2025-801)	17 Jan 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : rsync (ALAS-2025-2730)	14 Jan 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : rsync (ALAS-2025-2731)	17 Jan 202500:00	–	nessus
Tenable Nessus	Amazon Linux AMI : rsync (ALAS-2025-1954)	15 Jan 202500:00	–	nessus
Tenable Nessus	Amazon Linux AMI : rsync (ALAS-2025-1955)	17 Jan 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: rsync (CVE-2024-12086)	10 Feb 202500:00	–	nessus
Tenable Nessus	CentOS 9 : rsync-3.2.5-7.el9	13 May 202600:00	–	nessus

NVD

Node

samba rsyncRange≤3.3.0

Node

redhat openshift_container_platformMatch4.0

redhat enterprise_linuxMatch6.0

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

redhat enterprise_linuxMatch10.0

Node

almalinux almalinuxMatch8.0-

almalinux almalinuxMatch9.0-

almalinux almalinuxMatch10.0-

Node

archlinux arch_linuxMatch-

Node

gentoo linuxMatch-

Node

nixos nixosRange<24.11

Node

suse suse_linuxMatch-

Node

tritondatacenter smartosRange<20250123

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "3.3.0"
      }
    ],
    "packageName": "rsync",
    "collectionURL": "https://github.com/RsyncProject/rsync",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rsync",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.4.1-2.el10",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10.0"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rsync",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.2.5-7.el9_8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/o:redhat:enterprise_linux:9::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rsync",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.2.5-7.el9_8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/o:redhat:enterprise_linux:9::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rsync",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.2.5-3.el9_6.1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.6::appstream",
      "cpe:/o:redhat:rhel_eus:9.6::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rsync",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rsync",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rsync",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhcos",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2026:19368
access	www.access.redhat.com/security/cve/CVE-2024-12086
access	www.access.redhat.com/errata/RHBA-2025:6470
kb	www.kb.cert.org/vuls/id/952657
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2026:20603
security	www.security.netapp.com/advisory/ntap-20250131-0002/
kb	www.kb.cert.org/vuls/id/952657
github	www.github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
lists	www.lists.debian.org/debian-lts-announce/2025/01/msg00008.html

26 May 2026 07:16Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.1 - 6.8

EPSS0.01913

SSVC

CWE-390