CVE-2024-12087
Rsync: path traversal vulnerability in rsync
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. An attacker could use this issue to execute arbitrary code. Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync compared checksums with uninitialized memory. An attacker could exploit this issue to leak sensitive information. Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync incorrectly handled file checksums. A malicious server could use this to expose arbitrary client files.
*Credits:
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-12-03 CVE Reserved
- 2025-01-14 CVE Published
- 2025-07-19 EPSS Updated
- 2025-08-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-35: Path Traversal: '.../...//'
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://kb.cert.org/vuls/id/952657 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-12087 | 2025-01-14 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2330672 | 2025-01-14 | |
| https://access.redhat.com/errata/RHSA-2025:2600 | 2025-08-12 | |
| https://access.redhat.com/errata/RHSA-2025:7050 | 2025-08-12 | |
| https://access.redhat.com/errata/RHSA-2025:8385 | 2025-08-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
| Red Hat Search vendor "Red Hat" | Enterprise Linux Search vendor "Red Hat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Discovery Search vendor "Redhat" for product "Discovery" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | * | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Rsync Search vendor "Samba" for product "Rsync" | * | - |
Affected
| ||||||
| Alibabacloud Search vendor "Alibabacloud" | Alibaba Cloud Linux 3 Search vendor "Alibabacloud" for product "Alibaba Cloud Linux 3" | * | - |
Affected
| ||||||
| Alma Search vendor "Alma" | Linux Search vendor "Alma" for product "Linux" | * | - |
Affected
| ||||||
| Almalinux Search vendor "Almalinux" | Almalinux Search vendor "Almalinux" for product "Almalinux" | * | - |
Affected
| ||||||
| Amazon Search vendor "Amazon" | Linux Search vendor "Amazon" for product "Linux" | * | - |
Affected
| ||||||
| Archlinux Search vendor "Archlinux" | Arch Linux Search vendor "Archlinux" for product "Arch Linux" | * | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | * | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | * | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | * | - |
Affected
| ||||||
| Gentoo Search vendor "Gentoo" | Linux Search vendor "Gentoo" for product "Linux" | * | - |
Affected
| ||||||
| Nixos Search vendor "Nixos" | Nixos Search vendor "Nixos" for product "Nixos" | * | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | * | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Arm 64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Arm 64 Eus Search vendor "Redhat" for product "Enterprise Linux For Arm 64 Eus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Update Services For Sap Solutions" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhel Eus Search vendor "Redhat" for product "Rhel Eus" | * | - |
Affected
| ||||||
| Slackware Search vendor "Slackware" | Slackware Linux Search vendor "Slackware" for product "Slackware Linux" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-module-basesystem Search vendor "Suse" for product "Sle-module-basesystem" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles-ltss-extended-security Search vendor "Suse" for product "Sles-ltss-extended-security" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles-ltss Search vendor "Suse" for product "Sles-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Sap Search vendor "Suse" for product "Sles Sap" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse-manager-proxy Search vendor "Suse" for product "Suse-manager-proxy" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse-manager-server Search vendor "Suse" for product "Suse-manager-server" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Search vendor "Suse" for product "Suse Linux" | * | - |
Affected
| ||||||
| Tritondatacenter Search vendor "Tritondatacenter" | Smartos Search vendor "Tritondatacenter" for product "Smartos" | * | - |
Affected
| ||||||