CVE-2024-12087

Published Jan 14, 2025

Last updated 9 days ago

CVSS medium 6.5
Firmware

Overview

Description
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
Source
secalert@redhat.com
NVD status
Modified
Products
rsync, almalinux, arch_linux, linux, nixos, suse_linux, smartos, enterprise_linux, enterprise_linux_eus, enterprise_linux_for_arm_64, enterprise_linux_for_arm_64_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_server_aus, enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, enterprise_linux_update_services_for_sap_solutions

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-22
nvd@nist.gov
CWE-22

Social media

Hype score
Not currently trending

  1. URGENT: #Oracle Linux 7 admins must patch rsync vulnerability CVE-2024-12087 (ELSA-2025-23415). Read more: 👉 https://t.co/bFsIo6QGLL #Security https://t.co/r7mPR95mCW

    @Cezar_H_Linux

    6 Jan 2026

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Vulnerabilidades críticas en rsync https://t.co/RYsv5c5cA2… CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087/12088 https://t.co/IVb6Af1eJ5… https://t.co/DSuiDrvg49

    @doncaptador

    2 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Vulnerabilidades críticas en rsync https://t.co/GGCeKTqsNn CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087/12088 https://t.co/32SfTO2Dt8 https://t.co/VG0QeYp6qr

    @elhackernet

    28 Feb 2025

    2126 Impressions

    14 Retweets

    31 Likes

    8 Bookmarks

    0 Replies

    2 Quotes

  4. CVE-2024-12747,CVE-2024-12088,CVE-2024-12087,CVE-2024-12085,CVE-2024-12084 alert 🚨 RSYNC: Multiples vulnerabilities leading to Remote Code Execution The vulnerabilities have been integrated into Patrowl. Our customers assets are protected. 🦉 #CyberSecurity #InfoSec #rsync https

    @Patrowl_io

    22 Jan 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware package block-by-block to validate its integrity. However, the last decrypted firmware block remains uncleared in memory after the validation process completes. An attacker with access to the SPI interface can subsequently issue memory read commands to retrieve the decrypted firmware contents from this residual memory, effectively bypassing the firmware encryption protection mechanism. The attack requires physical access to the device's SPI interface.CVE-2025-14858
  2. A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.CVE-2026-5704
  3. Fortinet FortiClient EMS Improper Access Control VulnerabilityCVE-2026-35616
  4. A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.CVE-2026-35092
  5. A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.CVE-2026-35091

References

Sources include official advisories and independent security research.