Vulnerability details: VCID-euxj-8rjr-k3av
Vulnerability ID VCID-euxj-8rjr-k3av
Aliases CVE-2024-12084
Summary A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12084.json
cvssv3.1 9.8 https://access.redhat.com/security/cve/CVE-2024-12084
ssvc Track https://access.redhat.com/security/cve/CVE-2024-12084
ssvc Track* https://access.redhat.com/security/cve/CVE-2024-12084
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-12084
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2024-12084
epss 0.05686 https://api.first.org/data/v1/epss?cve=CVE-2024-12084
epss 0.07525 https://api.first.org/data/v1/epss?cve=CVE-2024-12084
epss 0.09755 https://api.first.org/data/v1/epss?cve=CVE-2024-12084
epss 0.11572 https://api.first.org/data/v1/epss?cve=CVE-2024-12084
epss 0.13351 https://api.first.org/data/v1/epss?cve=CVE-2024-12084
epss 0.14787 https://api.first.org/data/v1/epss?cve=CVE-2024-12084
epss 0.15984 https://api.first.org/data/v1/epss?cve=CVE-2024-12084
epss 0.16 https://api.first.org/data/v1/epss?cve=CVE-2024-12084
epss 0.17421 https://api.first.org/data/v1/epss?cve=CVE-2024-12084
cvssv3.1 9.8 https://bugzilla.redhat.com/show_bug.cgi?id=2330527
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2330527
ssvc Track* https://bugzilla.redhat.com/show_bug.cgi?id=2330527
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://kb.cert.org/vuls/id/952657
ssvc Track https://kb.cert.org/vuls/id/952657
ssvc Track* https://kb.cert.org/vuls/id/952657
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-12084
archlinux Critical https://security.archlinux.org/AVG-2858
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12084.json
https://api.first.org/data/v1/epss?cve=CVE-2024-12084
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
http://www.openwall.com/lists/oss-security/2025/01/14/6
2330527 https://bugzilla.redhat.com/show_bug.cgi?id=2330527
952657 https://kb.cert.org/vuls/id/952657
ASA-202501-1 https://security.archlinux.org/ASA-202501-1
AVG-2858 https://security.archlinux.org/AVG-2858
cpe:2.3:a:samba:rsync:3.2.7:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:rsync:3.2.7:-:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.3.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:rsync:3.3.0:-:*:*:*:*:*:*
cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*
cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*
cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*
cpe:2.3:o:nixos:nixos:24.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:nixos:nixos:24.11:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2024-12084 https://access.redhat.com/security/cve/CVE-2024-12084
CVE-2024-12084 https://nvd.nist.gov/vuln/detail/CVE-2024-12084
GLSA-202501-01 https://security.gentoo.org/glsa/202501-01
USN-7206-1 https://usn.ubuntu.com/7206-1/
USN-7206-3 https://usn.ubuntu.com/7206-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12084.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2024-12084
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-15T14:38:10Z/ Found at https://access.redhat.com/security/cve/CVE-2024-12084

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-26T14:11:19Z/ Found at https://access.redhat.com/security/cve/CVE-2024-12084
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2330527
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-15T14:38:10Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2330527

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-26T14:11:19Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2330527
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://kb.cert.org/vuls/id/952657
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-15T14:38:10Z/ Found at https://kb.cert.org/vuls/id/952657

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-26T14:11:19Z/ Found at https://kb.cert.org/vuls/id/952657
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-12084
Exploit Prediction Scoring System (EPSS)
Percentile 0.29751
EPSS Score 0.00063
Published At Jan. 16, 2025, midnight
Date Actor Action Source VulnerableCode Version
2024-12-18T04:08:51.519698+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 35.0.0