{"id":"JLSEC-2025-324","summary":"rsync leaks uninitialized stack data, one byte at a time, when comparing file checksums with an attacker-manipulated checksum length (s2length)","details":"A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.","modified":"2025-11-25T23:03:41.939582Z","published":"2025-11-25T22:50:06.167Z","upstream":["CVE-2024-12085"],"database_specific":{"license":"CC-BY-4.0","sources":[{"id":"CVE-2024-12085","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-12085","modified":"2025-11-20T21:15:59.487Z","imported":"2025-11-25T22:38:07.417Z","published":"2025-01-14T18:15:25.123Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-12085"}]},"references":[{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0324"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0325"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0637"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0688"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0714"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0774"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0787"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0790"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0849"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0884"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0885"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:1120"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:1123"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:1128"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:1225"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2
025:1227"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:1242"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:1451"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:21885"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:2701"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2024-12085"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330539"},{"type":"WEB","url":"https://kb.cert.org/vuls/id/952657"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20250131-0002/"},{"type":"WEB","url":"https://www.kb.cert.org/vuls/id/952657"},{"type":"WEB","url":"https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"}],"affected":[{"package":{"name":"rsync_jll","ecosystem":"Julia","purl":"pkg:julia/rsync_jll?uuid=191d6b87-264a-55f5-a0e2-c8fbce9a1ce0"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.3.0+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-324.json"}}],"schema_version":"1.7.3"}