Nick Tait <nt...@redhat.com> wrote:
> [1] Heap Buffer Overflow in Rsync due to Improper Checksum Length Handling
>
> CVE ID: CVE-2024-12084
>
> CVSS 3.1: 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
>
> Description: A heap-based buffer overflow flaw was found in the rsync
> daemon. This issue is due to improper handling of attacker-controlled
> checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the
> fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the
> sum2 buffer.
Does anybody know if this issue is also present in the code executing when you use SSH instead of rsyncd? I'd expect the "rsync --server --sender" functionality to possibly (likely?) share code here, but the current description might lead folks to not consider this scenario and only look for cases where they offer rsyncd (e.g., port 873).

-Jan
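An added illustration of the defensive check the quoted description points to (example code written here, not rsync's source): a peer-supplied checksum length is validated against the fixed 16-byte destination slot before anything is copied into it. Only the names SUM_LENGTH, MAX_DIGEST_LEN, s2length and sum2 come from the advisory; the struct layout, read_sum2() and the demo_* helpers are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example (not rsync's code): a fixed 16-byte strong-checksum
 * slot, as the advisory's SUM_LENGTH, and a larger maximum digest size,
 * as the advisory's MAX_DIGEST_LEN. The struct layout and read function
 * below are assumptions for illustration. */
#define SUM_LENGTH     16
#define MAX_DIGEST_LEN 32

struct sum_entry {
    int32_t  len;               /* block length */
    uint32_t sum1;              /* weak rolling checksum */
    char     sum2[SUM_LENGTH];  /* strong checksum: fixed size, never grows */
};

/*
 * Copy a peer-supplied strong checksum into the fixed sum2 slot.
 * s2length arrives from the remote side, so it is attacker-controlled and
 * must be validated against the destination size (SUM_LENGTH), not against
 * the digest capacity (MAX_DIGEST_LEN). Returns 0 on success, -1 if the
 * length is rejected or the received buffer is too short.
 */
int read_sum2(const unsigned char *wire, size_t wire_len,
              int s2length, struct sum_entry *out)
{
    /* Bound by the destination: a digest longer than the slot is a
     * protocol violation, neither truncated silently nor copied in full. */
    if (s2length < 0 || s2length > SUM_LENGTH)
        return -1;
    /* Also refuse to read past the end of what was actually received. */
    if ((size_t)s2length > wire_len)
        return -1;

    memset(out->sum2, 0, SUM_LENGTH);
    memcpy(out->sum2, wire, (size_t)s2length);
    return 0;
}

/* Self-check: a valid 16-byte digest is accepted and copied intact. */
int demo_accepts_valid(void)
{
    unsigned char wire[MAX_DIGEST_LEN];
    struct sum_entry e;
    for (int i = 0; i < MAX_DIGEST_LEN; i++)
        wire[i] = (unsigned char)(0xA0 + i);   /* constructed digest bytes */
    if (read_sum2(wire, sizeof wire, SUM_LENGTH, &e) != 0)
        return 0;
    return memcmp(e.sum2, wire, SUM_LENGTH) == 0;
}

/* Self-check: a length between SUM_LENGTH+1 and MAX_DIGEST_LEN, a negative
 * length, and a length beyond the received bytes are all rejected. */
int demo_rejects_bad_lengths(void)
{
    unsigned char wire[MAX_DIGEST_LEN] = {0};
    struct sum_entry e;
    return read_sum2(wire, sizeof wire, SUM_LENGTH + 1, &e) == -1
        && read_sum2(wire, sizeof wire, MAX_DIGEST_LEN, &e) == -1
        && read_sum2(wire, sizeof wire, -1, &e) == -1
        && read_sum2(wire, 8, SUM_LENGTH, &e) == -1;
}

int main(void)
{
    return (demo_accepts_valid() && demo_rejects_bad_lengths()) ? 0 : 1;
}
```

The design point is that the bound applied to a remote length field is the size of the buffer it is written into, not the largest digest the implementation knows how to produce; a receiver that checks only against MAX_DIGEST_LEN still lets a 17..32 byte length run past a 16-byte slot.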