On 14 January 2025, the CERT Coordination Center (CERT/CC) published a security advisory detailing multiple vulnerabilities impacting Rsync. The most severe is CVE-2024-12084, a critical severity heap buffer overflow in the Rsync daemon that can lead to out-of-bounds writes in the buffer. Combined with a second, high severity vulnerability, CVE-2024-12085, an information leak via uninitialised stack memory, a client can execute arbitrary code on a device running an Rsync server.
Rsync is a widely used utility for file synchronisation and transfer across systems, and other applications or services may use it in the background (e.g. backup solutions, synchronisation tasks). Notably, Rsync is also widely used by public mirrors to synchronise and distribute files efficiently across multiple servers. This may cause inadvertent exposure to the vulnerabilities even where Rsync is not directly installed.
Recommendation
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Versions | Fixed Version |
|---|---|---|
| Rsync | Versions below 3.4.0 | 3.4.0 |
While Rsync has fixes to mitigate these vulnerabilities, the security patch is not automatically applied to software products that use Rsync. The best method for remediating these vulnerabilities in third-party software products is to apply the official security updates from the vendor of each affected software product.
We strongly recommend monitoring software vendor advisories for security updates and applying the available security updates promptly.
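The following POSIX shell script is an added example and is not part of the Arctic Wolf advisory or of the Rsync project. It checks two things a defender needs to know on each host: whether the installed rsync binary is below the fixed 3.4.0 release, and whether an rsync daemon is actually listening, since the heap overflow described above is in the daemon. The version parsing assumes the first line of `rsync --version` has the form `rsync  version X.Y.Z  protocol version N`, and the listener check assumes the default daemon port 873; a daemon configured on another port, or rsync bundled inside another product, will not be caught by it.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether this host's rsync
# is below the fixed release and whether an rsync daemon is exposed.

FIXED_VERSION="3.4.0"

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Missing components are treated as 0, so "3.2" < "3.2.1".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".");
        len = (n > m) ? n : m;
        for (i = 1; i <= len; i++) {
            ai = (i <= n) ? x[i] + 0 : 0;
            bi = (i <= m) ? y[i] + 0 : 0;
            if (ai < bi) exit 0;
            if (ai > bi) exit 1;
        }
        exit 1;   # equal versions are not "lower"
    }'
}

# rsync_is_vulnerable VERSION: exit 0 when VERSION is below 3.4.0.
rsync_is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# Extract the version number from the first line of `rsync --version`
# (assumed format: "rsync  version 3.2.7  protocol version 31").
installed_rsync_version() {
    rsync --version 2>/dev/null | awk 'NR == 1 { print $3 }'
}

# rsync_daemon_listening: exit 0 when something listens on TCP 873.
# Falls back to looking for an "rsync --daemon" process if neither
# ss nor netstat is available.
rsync_daemon_listening() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | grep -q ':873[[:space:]]'
    elif command -v netstat >/dev/null 2>&1; then
        netstat -ltn 2>/dev/null | grep -q ':873[[:space:]]'
    else
        pgrep -f 'rsync.*--daemon' >/dev/null 2>&1
    fi
}

# Print a short assessment; always returns 0 so it is safe under set -e.
report() {
    if ! command -v rsync >/dev/null 2>&1; then
        echo "rsync binary not found in PATH (other software may still bundle its own copy)"
        return 0
    fi
    ver=$(installed_rsync_version)
    if rsync_is_vulnerable "$ver"; then
        echo "rsync $ver is below $FIXED_VERSION: upgrade required"
    else
        echo "rsync $ver is at or above $FIXED_VERSION"
    fi
    if rsync_daemon_listening; then
        echo "an rsync daemon is listening on TCP 873: the vulnerable daemon is exposed"
    else
        echo "no rsync daemon listening on TCP 873 (non-default ports are not checked)"
    fi
    return 0
}

report
```

Because vendors ship patched builds under their own package versions, treat the version check as a first pass only and confirm against each vendor's advisory; a negative result for the daemon on port 873 does not cover daemons on other ports or rsync copies embedded in backup or mirroring products.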