CVE-2024-12087

Published Jan 14, 2025

Last updated 2 months ago

CVSS medium 6.5
Firmware

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-12087 is a path traversal vulnerability found in the rsync utility. This vulnerability is related to the `--inc-recursive` option, which is enabled by default for many client options and can also be enabled by the server. The vulnerability arises from insufficient symlink verification combined with deduplication checks performed on each file list. This allows a malicious server to write files outside the client's intended directory, potentially placing malicious files in arbitrary locations disguised as valid directories or paths on the client system.

Description
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
Source
secalert@redhat.com
NVD status
Modified
Products
rsync, almalinux, arch_linux, linux, nixos, suse_linux, smartos, enterprise_linux, enterprise_linux_eus, enterprise_linux_for_arm_64, enterprise_linux_for_arm_64_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_server_aus, enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, enterprise_linux_update_services_for_sap_solutions

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-22
nvd@nist.gov
CWE-22

Social media

Hype score
Not currently trending

  1. 本日はCVE-2024-12087を確認。影響のあるソフトウェアはCisco AnyConnect。リモートコード実行が可能で、CVSSスコアは8.5。詳細な解析が必要。

    @Joe_Biden_ja

    23 Jun 2026

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. URGENT: #Oracle Linux 7 admins must patch rsync vulnerability CVE-2024-12087 (ELSA-2025-23415). Read more: 👉 https://t.co/bFsIo6QGLL #Security https://t.co/r7mPR95mCW

    @Cezar_H_Linux

    6 Jan 2026

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Vulnerabilidades críticas en rsync https://t.co/RYsv5c5cA2… CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087/12088 https://t.co/IVb6Af1eJ5… https://t.co/DSuiDrvg49

    @doncaptador

    2 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Vulnerabilidades críticas en rsync https://t.co/GGCeKTqsNn CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087/12088 https://t.co/32SfTO2Dt8 https://t.co/VG0QeYp6qr

    @elhackernet

    28 Feb 2025

    2126 Impressions

    14 Retweets

    31 Likes

    8 Bookmarks

    0 Replies

    2 Quotes

  5. CVE-2024-12747,CVE-2024-12088,CVE-2024-12087,CVE-2024-12085,CVE-2024-12084 alert 🚨 RSYNC: Multiples vulnerabilities leading to Remote Code Execution The vulnerabilities have been integrated into Patrowl. Our customers assets are protected. 🦉 #CyberSecurity #InfoSec #rsync https

    @Patrowl_io

    22 Jan 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker could exploit this by providing a malicious MP3 file, leading to a denial of service (DoS), which causes an application crash, and potentially disclosing sensitive information from the heap memory.CVE-2026-1766
  2. A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure.CVE-2026-1767
  3. A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data.CVE-2026-1764
  4. A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication, resulting in denial of service.CVE-2026-11790
  5. A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication.CVE-2026-11789

References

Sources include official advisories and independent security research.