On January 14, 2025, the CERT Coordination Center (CERT/CC) published a security advisory detailing multiple vulnerabilities affecting Rsync. The most severe is CVE-2024-12084, a critical-severity heap buffer overflow in the Rsync daemon that can lead to out-of-bounds writes in the heap buffer. When chained with a second, high-severity vulnerability, CVE-2024-12085, an information leak from uninitialized stack memory, a client connecting to the daemon can execute arbitrary code on the device running the Rsync server.
Rsync is a widely used utility for file synchronization and transfer across systems, and other applications or services may use it in the background (e.g., backup solutions, synchronization tasks). Notably, Rsync is also widely used by public mirrors to synchronize and distribute files efficiently across multiple servers. Systems may therefore be inadvertently exposed to these vulnerabilities even where Rsync was not directly installed.
Recommendation
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Versions | Fixed Version |
|---|---|---|
| Rsync | Versions below 3.4.0 | 3.4.0 |
While Rsync has released fixes for these vulnerabilities, the security patch is not automatically applied to software products that bundle Rsync. The best method for remediating these vulnerabilities in third-party software products is to apply the official security updates from the vendor of each affected product.
We strongly recommend monitoring software vendor advisories for security updates and applying the available security updates promptly.
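The following POSIX shell script is an added example and is not part of the Arctic Wolf advisory or of the Rsync project. It turns the table above into a check: it parses `rsync --version`, compares the result against the fixed release 3.4.0 with a component-wise version comparison, and reports whether something is listening on TCP 873, the rsync daemon's default port, since the heap overflow is in the daemon's code path. It assumes the first line of `rsync --version` reads `rsync  version X.Y.Z  protocol version N`, and that `ss` from iproute2 is available for the port check; the `SAMPLE_OLD` and `SAMPLE_NEW` strings are constructed sample output, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the Arctic Wolf advisory: decide whether a host's
# rsync is below the fixed release 3.4.0, and flag a listening rsync daemon,
# since CVE-2024-12084 lives in the daemon's code path.

FIXED_VERSION="3.4.0"

# Constructed sample output in the shape of `rsync --version` (assumption:
# the first line reads "rsync  version X.Y.Z  protocol version N").
SAMPLE_OLD='rsync  version 3.2.7  protocol version 31
Web site: https://rsync.samba.org/'
SAMPLE_NEW='rsync  version 3.4.0  protocol version 32'

# Print the X.Y.Z field from the first line of `rsync --version` output,
# dropping a leading "v" and any "-dev"/"_pre" style suffix.
parse_rsync_version() {
    printf '%s\n' "$1" \
        | awk 'NR == 1 && $1 == "rsync" { print $3 }' \
        | sed 's/^v//; s/[-_].*//'
}

# version_lt A B: exit 0 when dotted numeric version A is strictly lower than B.
# Missing components count as 0, so "3.4" equals "3.4.0".
version_lt() {
    _a="$1"; _b="$2"
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _ax="${_a%%.*}"; _bx="${_b%%.*}"
        if [ "$_ax" = "$_a" ]; then _a=""; else _a="${_a#*.}"; fi
        if [ "$_bx" = "$_b" ]; then _b=""; else _b="${_b#*.}"; fi
        : "${_ax:=0}" "${_bx:=0}"
        [ "$_ax" -lt "$_bx" ] && return 0
        [ "$_ax" -gt "$_bx" ] && return 1
    done
    return 1
}

# rsync_status TEXT: classify `rsync --version` output. Exit 0 when fixed,
# 1 when below the fixed release, 2 when no version can be parsed.
rsync_status() {
    _ver=$(parse_rsync_version "$1")
    if [ -z "$_ver" ]; then
        echo "could not parse an rsync version from the supplied output"
        return 2
    fi
    if version_lt "$_ver" "$FIXED_VERSION"; then
        echo "rsync $_ver is below $FIXED_VERSION: affected by CVE-2024-12084 / CVE-2024-12085, upgrade"
        return 1
    fi
    echo "rsync $_ver is at or above $FIXED_VERSION"
}

# Live check of this host. This only covers a standalone rsync in PATH; a copy
# bundled inside another product must be tracked through that vendor's advisories.
if command -v rsync >/dev/null 2>&1; then
    rsync_status "$(rsync --version 2>/dev/null)" || true
else
    echo "no rsync in PATH (a bundled copy inside another product is still possible)"
fi

# The rsync daemon listens on TCP 873 by default; report a listener if ss(8)
# is available (assumption: Linux with iproute2).
if command -v ss >/dev/null 2>&1; then
    if ss -ltn 2>/dev/null | grep -q -E ':873[[:space:]]'; then
        echo "a listener is bound to TCP 873: an rsync daemon may be exposed"
    fi
fi
```

Run it as `sh check_rsync.sh` on each host; a non-zero exit from `rsync_status` or a reported listener on 873 is the signal to schedule the upgrade or the vendor patch. The version comparison is deliberately numeric rather than a string compare, so that a future 3.10.0 is not misjudged as older than 3.4.0.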