Summary: Multiple security vulnerabilities have been found in the Rsync file-synchronizing tool, potentially allowing attackers to execute arbitrary code on connected clients. The vulnerabilities include heap-buffer overflow and information disclosure, among others, posing significant risks to users.
Threat Actor: Unknown
Victim: Rsync users
Key Points:
- Six vulnerabilities disclosed, including CVE-2024-12084, a heap-buffer overflow with a CVSS score of 9.8.
- Attackers can exploit these vulnerabilities to read/write arbitrary files and execute malicious code on clients.
- Patches are available in Rsync version 3.4.0; mitigations are recommended for users unable to update.
Source: https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html