A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
CVE ID: CVE-2024-12085
Vendor: Red Hat
Product: Red Hat Enterprise Linux 6
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 19.35% (share of scored vulnerabilities with an EPSS score less than or equal to this one)
EPSS Date: 2025-02-12 (date this score was calculated)