Overview
Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write,–safe-links bypass, and symbolic-link race condition.
Description
Many backup programs, such as Rclone, DeltaCopy, and ChronoSync use Rsync as backend software for file synchronization. Rsync can also be used in Daemon mode and is widely used in in public mirrors to synchronize and distribute files efficiently across multiple servers.
Following are the discovered vulnerabilities:
CVE-2024-12084 A heap-buffer-overflow vulnerability in the Rsync daemon results in improper handling of attacker-controlled checksum lengths (s2length). When the MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out-of-bounds in the sum2 buffer.
CVE-2024-12085 When Rsync compares file checksums, a vulnerability in the Rsync daemon can be triggered. An attacker could manipulate the checksum length (s2length) to force a comparison between the checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
CVE-2024-12086 A vulnerability in the Rsync daemon could cause a server to leak the contents of arbitrary files from clients’ machines. This happens when files are copied from client to server. During the process, a malicious Rsync server can generate invalid communication tokens and checksums from data the attacker compares. The comparison will trigger the client to ask the server to resend data, which the server can use to guess a checksum. The server could then reprocess data, byte to byte, to determine the contents of the target file.
CVE-2024-12087 A path traversal vulnerability in the Rsync daemon affects the --inc-recursive option, a default-enabled option for many flags that can be enabled by the server even if not explicitly enabled by the client. When using this option, a lack of proper symlink verification coupled with de-duplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could remotely trigger this activity by exploiting symbolic links named after valid client directories/paths.
CVE-2024-12088 A --safe-links option vulnerability results in Rsync failing to properly verify whether the symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary files being written outside of the desired directory.
CVE-2024-12747 Rsync is vulnerable to a symbolic-link race condition, which may lead to privilege escalation. A user could gain access to privileged files on affected servers.
Impact
When combined, the first two vulnerabilities (heap buffer overflow and information leak) allow a client to execute arbitrary code on a device that has an Rsync server running. The client requires only anonymous read-access to the server, such as public mirrors. Additionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client. Sensitive data, such as SSH keys, can be extracted, and malicious code can be executed by overwriting files such as ~/.bashrc or ~/.popt.
Solution
Apply the latest patches available at https://github.com/RsyncProject/rsync and https://download.samba.org/pub/rsync/src/. Users should run updates on their software as soon as possible. As Rsync can be distributed bundled, ensure any software that provides such updates is also kept current to address these vulnerabilities.
Acknowledgements
Thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google Cloud Vulnerability Research for discovering the first five vulnerabilities; thanks to Aleksei Gorban for discovering the symbolic-link race condition. Finally, thanks to Andrew Tridgell for reporting all of them. This document was written by Dr. Elke Drennan, CISSP.
Vendor Information
AlmaLinux OS Foundation Affected
Statement Date: January 17, 2025
| CVE-2024-12084 | Affected |
| Vendor Statement: | |
| AlmaLinux Kitten 10 is affected. AlmaLinux 8 and 9 are NOT affected. | |
| CVE-2024-12085 | Affected |
| Vendor Statement: | |
| AlmaLinux 8, AlmaLinux 9, and AlmaLinux Kitten 10 are affected. | |
| CVE-2024-12086 | Affected |
| Vendor Statement: | |
| AlmaLinux 8, AlmaLinux 9, and AlmaLinux Kitten 10 are affected. | |
| CVE-2024-12087 | Affected |
| Vendor Statement: | |
| AlmaLinux 8, AlmaLinux 9, and AlmaLinux Kitten 10 are affected. | |
| CVE-2024-12088 | Affected |
| Vendor Statement: | |
| AlmaLinux 8, AlmaLinux 9, and AlmaLinux Kitten 10 are affected. | |
| CVE-2024-12747 | Affected |
| Vendor Statement: | |
| AlmaLinux 8, AlmaLinux 9, and AlmaLinux Kitten 10 are affected. | |
References
Arch Linux Affected
Statement Date: December 02, 2024
| CVE-2024-12084 | Affected |
| CVE-2024-12085 | Affected |
| CVE-2024-12086 | Affected |
| CVE-2024-12087 | Affected |
| CVE-2024-12088 | Affected |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Gentoo Linux Affected
Statement Date: December 04, 2024
| CVE-2024-12084 | Affected |
| CVE-2024-12085 | Affected |
| CVE-2024-12086 | Affected |
| CVE-2024-12087 | Affected |
| CVE-2024-12088 | Affected |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NixOS Affected
Statement Date: January 14, 2025
| CVE-2024-12084 | Affected |
| CVE-2024-12085 | Affected |
| CVE-2024-12086 | Affected |
| CVE-2024-12087 | Affected |
| CVE-2024-12088 | Affected |
| CVE-2024-12747 | Affected |
Vendor Statement
We have not received a statement from the vendor.
References
Red Hat Affected
Statement Date: January 14, 2025
| CVE-2024-12084 | Not Affected |
| CVE-2024-12085 | Affected |
| CVE-2024-12086 | Affected |
| CVE-2024-12087 | Affected |
| CVE-2024-12088 | Affected |
| CVE-2024-12747 | Affected |
Vendor Statement
We have not received a statement from the vendor.
SUSE Linux Affected
Statement Date: January 15, 2025
| CVE-2024-12084 | Affected |
| CVE-2024-12085 | Affected |
| CVE-2024-12086 | Affected |
| CVE-2024-12087 | Affected |
| CVE-2024-12088 | Affected |
| CVE-2024-12747 | Affected |
Vendor Statement
We have not received a statement from the vendor.
Triton Data Center Affected
Statement Date: February 10, 2025
| CVE-2024-12084 | Affected |
| CVE-2024-12085 | Affected |
| CVE-2024-12086 | Affected |
| CVE-2024-12087 | Affected |
| CVE-2024-12088 | Affected |
| CVE-2024-12747 | Affected |
Vendor Statement
SmartOS, an illumos distribution that powers Triton Data Center, ships rsync in the platform image, and it will need to be updated. Additionally some users opt for the pkgsrc version of rsync, which will also need to be updated, or the pkgsrc revision will need to be updated.
SmartOS release-20250123 and later have rsync 3.4.1 in them.
Afero Not Affected
Statement Date: January 09, 2025
| CVE-2024-12084 | Not Affected |
| CVE-2024-12085 | Not Affected |
| CVE-2024-12086 | Not Affected |
| CVE-2024-12087 | Not Affected |
| CVE-2024-12088 | Not Affected |
| CVE-2024-12747 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
AMD Not Affected
Statement Date: January 10, 2025
| CVE-2024-12084 | Not Affected |
| CVE-2024-12085 | Not Affected |
| CVE-2024-12086 | Not Affected |
| CVE-2024-12087 | Not Affected |
| CVE-2024-12088 | Not Affected |
| CVE-2024-12747 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
FreeBSD Not Affected
Statement Date: January 09, 2025
| CVE-2024-12084 | Not Affected |
| CVE-2024-12085 | Not Affected |
| CVE-2024-12086 | Not Affected |
| CVE-2024-12087 | Not Affected |
| CVE-2024-12088 | Not Affected |
| CVE-2024-12747 | Not Affected |
Vendor Statement
FreeBSD does not ship with rsync as part of the base system. rsync is available as part of the FreeBSD ports/pkg system, but the responsibility for analysis of risk lies with the administrator that chooses to install and configure rsync.
HardenedBSD Not Affected
Statement Date: January 14, 2025
| CVE-2024-12084 | Not Affected |
| CVE-2024-12085 | Not Affected |
| CVE-2024-12086 | Not Affected |
| CVE-2024-12087 | Not Affected |
| CVE-2024-12088 | Not Affected |
| CVE-2024-12747 | Not Affected |
Vendor Statement
While HardenedBSD does not ship with rsync, the project's infrastructure uses rsync to sync build artifacts across its mirrors.
Illumos Not Affected
Statement Date: January 07, 2025
| CVE-2024-12084 | Not Affected |
| CVE-2024-12085 | Not Affected |
| CVE-2024-12086 | Not Affected |
| CVE-2024-12087 | Not Affected |
| CVE-2024-12088 | Not Affected |
| CVE-2024-12747 | Not Affected |
Vendor Statement
rsync is not part of illumos per se, but it is part of illumos distributions. Each distribution that includes rsync will need to issue their own statement.
Linux Foundation Not Affected
Statement Date: November 25, 2024
| CVE-2024-12084 | Not Affected |
| CVE-2024-12085 | Not Affected |
| CVE-2024-12086 | Not Affected |
| CVE-2024-12087 | Not Affected |
| CVE-2024-12088 | Not Affected |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NetBSD Not Affected
Statement Date: November 27, 2024
| CVE-2024-12084 | Not Affected |
| CVE-2024-12085 | Not Affected |
| CVE-2024-12086 | Not Affected |
| CVE-2024-12087 | Not Affected |
| CVE-2024-12088 | Not Affected |
| CVE-2024-12747 | Unknown |
Vendor Statement
The NetBSD base system is not affected because it does not ship with rsync.
pkgsrc includes an affected version of rsync as the net/rsync package, and will be updated when rsync upstream releases a fixed version, for all platforms that pkgsrc supports.
Synology Not Affected
Statement Date: December 11, 2024
| CVE-2024-12084 | Not Affected |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Alpine Linux Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Amazon Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Apple Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Arista Networks Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ARM Limited Unknown
Statement Date: November 26, 2024
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Aruba Networks Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Atos SE Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Blackberry QNX Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Broadcom Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Canonical Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
CERT-UBIK Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cesanta Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cisco Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Contiki OS Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Debian GNU/Linux Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Dell EMC Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
DesktopBSD Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Diebold Election Systems Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
DragonFly BSD Project Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
EuroLinux Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
F5 Networks Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Facebook Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Google Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Green Hills Software Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Hewlett Packard Enterprise Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Hitachi Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
HP Inc. Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
IBM Numa-Q Division (Formerly Sequent) Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Joyent Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Juniper Networks Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lenovo Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lutomirski Consulting Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
m0n0wall Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Marconi Inc. Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Mbed TLS Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Medtronic Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Micro Focus Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Microsoft Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Monroe Electronics Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Mozilla Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NEC Corporation Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Nexenta Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Nokia Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OleumTech Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenBSD Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenIndiana Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Openswan Linux IPsec software Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Openwall GNU/*/Linux Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Oracle Corporation Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Rockwell Automation Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Rocky Linux Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Slackware Linux Inc. Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Sony Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Systech Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Tizen Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TrueOS Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Turbolinux Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ubuntu Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Unisys Corporation Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Univention Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
VMware Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Wind River Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Xen Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
XigmaNAS Unknown
| CVE-2024-12084 | Unknown |
| CVE-2024-12085 | Unknown |
| CVE-2024-12086 | Unknown |
| CVE-2024-12087 | Unknown |
| CVE-2024-12088 | Unknown |
| CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Other Information
| CVE IDs: | CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 |
| API URL: | VINCE JSON | CSAF |
| Date Public: | 2025-01-14 |
| Date First Published: | 2025-01-14 |
| Date Last Updated: | 2025-02-10 21:43 UTC |
| Document Revision: | 8 |