Google Cloud Researchers Identify Vulnerabilities in Rsync Tool
🛠️ Critical vulnerabilities discovered in Rsync file-synchronizing tool. Six security flaws have been identified in Rsync, a widely used file-synchronizing tool for Unix systems, potentially allowing attackers to execute arbitrary code on connected clients. The vulnerabilities include a heap-buffer overflow and information disclosure, with the most severe flaw (CVE-2024-12084) scoring 9.8 on the CVSS scale, enabling code execution with only anonymous read access to a server. Researchers from Google Cloud Vulnerability Research reported the first five issues, while a separate researcher identified a race condition. Patches have been released in Rsync version 3.4.0, and users unable to update are advised to implement specific mitigations to enhance security.
