NVD脆弱性詳細

CVE-2024-12085

概要	A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
概要	Se encontró un fallo en rsync daemon que podría activarse cuando rsync compara sumas de comprobación de archivos. Este fallo permite a un atacante manipular la longitud de la suma de comprobación (s2length) para provocar una comparación entre una suma de comprobación y una memoria no inicializada y filtrar un byte de datos de pila no inicializados a la vez.
公表日	2025年1月15日3:15
登録日	2025年1月16日4:05
最終更新日	2026年4月15日7:16

CVSS3.1 : HIGH
スコア	7.5
ベクター	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	なし
可用性への影響(A)	なし

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:samba:rsync::::::::				3.3.0
cpe:2.3:a:redhat:openshift:5.0:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.13:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.15:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.16:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.17:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.8_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:::::::*
cpe:2.3:o:almalinux:almalinux:8.0:-::::::
cpe:2.3:o:almalinux:almalinux:9.0:-::::::
cpe:2.3:o:almalinux:almalinux:10.0:-::::::
cpe:2.3:o:archlinux:arch_linux:-:::::::*
cpe:2.3:o:gentoo:linux:-:::::::*
cpe:2.3:o:nixos:nixos::::::::				24.11
cpe:2.3:o:suse:suse_linux:-:::::::*
cpe:2.3:o:tritondatacenter:smartos::::::::				20250123

関連情報、対策とツール

No	URL	refsource
1	https://access.redhat.com/errata/RHBA-2025:6470	secalert@redhat.com
2	https://access.redhat.com/errata/RHSA-2025:0324	secalert@redhat.com
3	https://access.redhat.com/errata/RHSA-2025:0325	secalert@redhat.com
4	https://access.redhat.com/errata/RHSA-2025:0637	secalert@redhat.com
5	https://access.redhat.com/errata/RHSA-2025:0688	secalert@redhat.com
6	https://access.redhat.com/errata/RHSA-2025:0714	secalert@redhat.com
7	https://access.redhat.com/errata/RHSA-2025:0774	secalert@redhat.com
8	https://access.redhat.com/errata/RHSA-2025:0787	secalert@redhat.com
9	https://access.redhat.com/errata/RHSA-2025:0790	secalert@redhat.com
10	https://access.redhat.com/errata/RHSA-2025:0849	secalert@redhat.com
11	https://access.redhat.com/errata/RHSA-2025:0884	secalert@redhat.com
12	https://access.redhat.com/errata/RHSA-2025:0885	secalert@redhat.com
13	https://access.redhat.com/errata/RHSA-2025:1120	secalert@redhat.com
14	https://access.redhat.com/errata/RHSA-2025:1123	secalert@redhat.com
15	https://access.redhat.com/errata/RHSA-2025:1128	secalert@redhat.com
16	https://access.redhat.com/errata/RHSA-2025:1225	secalert@redhat.com
17	https://access.redhat.com/errata/RHSA-2025:1227	secalert@redhat.com
18	https://access.redhat.com/errata/RHSA-2025:1242	secalert@redhat.com
19	https://access.redhat.com/errata/RHSA-2025:1451	secalert@redhat.com
20	https://access.redhat.com/errata/RHSA-2025:21885	secalert@redhat.com
21	https://access.redhat.com/errata/RHSA-2025:2701	secalert@redhat.com
22	https://access.redhat.com/security/cve/CVE-2024-12085	secalert@redhat.com
23	https://bugzilla.redhat.com/show_bug.cgi?id=2330539	secalert@redhat.com
24	https://kb.cert.org/vuls/id/952657	secalert@redhat.com
25	https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html	af854a3a-2127-422b-91ae-364da2661108
26	https://security.netapp.com/advisory/ntap-20250131-0002/	af854a3a-2127-422b-91ae-364da2661108
27	https://www.kb.cert.org/vuls/id/952657	af854a3a-2127-422b-91ae-364da2661108
28	https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj	134c704f-9b21-4f2e-91b3-4a467353bcc0

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-908	初期化されていないリソースの使用	https://cwe.mitre.org/data/definitions/908.html

JVN脆弱性情報

Samba Project の rsync 等複数ベンダの製品における初期化されていないリソースの使用に関する脆弱性

タイトル	Samba Project の rsync 等複数ベンダの製品における初期化されていないリソースの使用に関する脆弱性
概要	Samba Project の rsync 等複数ベンダの製品には、初期化されていないリソースの使用に関する脆弱性が存在します。
想定される影響	情報を取得される可能性があります。
対策	参考情報を参照して適切な対策を実施してください。
公表日	2024年12月3日0:00
登録日	2025年7月18日17:39
最終更新日	2025年9月22日10:30

影響を受けるシステム

AlmaLinux OS Foundation

AlmaLinux 10.0

AlmaLinux 8.0

AlmaLinux 9.0

Arch Linux

レッドハット

enterprise linux for arm 64 8.0 aarch64

enterprise linux for arm 64 9.0 aarch64

enterprise linux for arm 64 9.2 aarch64

enterprise linux for arm 64 eus 8.8 aarch64

enterprise linux for arm 64 eus 9.4 aarch64

enterprise linux for arm 64 eus 9.6 aarch64

enterprise linux update services for sap solutions

Red Hat Enterprise Linux 8.0

Red Hat Enterprise Linux 9.0

Red Hat Enterprise Linux EUS 8.8

Red Hat Enterprise Linux EUS 9.2

Red Hat Enterprise Linux EUS 9.4

Red Hat Enterprise Linux EUS 9.6

Red Hat Enterprise Linux for IBM z Systems 8.0 s390x

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support

Red Hat Enterprise Linux for Power Little Endian Update Services for SAP Solutions

Red Hat Enterprise Linux for Power, little endian

Red Hat Enterprise Linux for Power, little endian - Extended Update Support

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Server AUS

Red Hat Enterprise Linux Server TUS

Red Hat OpenShift 5.0

Red Hat OpenShift Container Platform 4.12

Red Hat OpenShift Container Platform 4.13

Red Hat OpenShift Container Platform 4.14

Red Hat OpenShift Container Platform 4.15

Red Hat OpenShift Container Platform 4.16

Red Hat OpenShift Container Platform 4.17

Samba Project

rsync 3.3.0 未満

日本電気

UNIVERGE Network Operation Engine

Gentoo Linux

SUSE

SUSE LINUX

NixOS

NixOS 24.11 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-12085	https://www.cve.org/CVERecord?id=CVE-2024-12085
National Vulnerability Database (NVD)
2	CVE-2024-12085	https://nvd.nist.gov/vuln/detail/CVE-2024-12085

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html
2	CWE-908	http://cwe.mitre.org/data/definitions/908.html

ベンダー情報

No	名前	URL
NEC製品セキュリティ情報
1	NV25-004	https://jpn.nec.com/security-info/secinfo/nv25-004.html

その他

No	名前	URL
JVN
1	JVNVU#94903505	https://jvn.jp/vu/JVNVU94903505/
関連文書
2	access.redhat.com (CVE-2024-12085)	https://access.redhat.com/security/cve/CVE-2024-12085
3	access.redhat.com (RHSA-2025:0324)	https://access.redhat.com/errata/RHSA-2025:0324
4	access.redhat.com (RHSA-2025:0325)	https://access.redhat.com/errata/RHSA-2025:0325
5	access.redhat.com (RHSA-2025:0637)	https://access.redhat.com/errata/RHSA-2025:0637
6	access.redhat.com (RHSA-2025:0688)	https://access.redhat.com/errata/RHSA-2025:0688
7	access.redhat.com (RHSA-2025:0714)	https://access.redhat.com/errata/RHSA-2025:0714
8	access.redhat.com (RHSA-2025:0774)	https://access.redhat.com/errata/RHSA-2025:0774
9	access.redhat.com (RHSA-2025:0787)	https://access.redhat.com/errata/RHSA-2025:0787
10	access.redhat.com (RHSA-2025:0790)	https://access.redhat.com/errata/RHSA-2025:0790
11	access.redhat.com (RHSA-2025:0849)	https://access.redhat.com/errata/RHSA-2025:0849
12	access.redhat.com (RHSA-2025:0884)	https://access.redhat.com/errata/RHSA-2025:0884
13	access.redhat.com (RHSA-2025:0885)	https://access.redhat.com/errata/RHSA-2025:0885
14	access.redhat.com (RHSA-2025:1120)	https://access.redhat.com/errata/RHSA-2025:1120
15	access.redhat.com (RHSA-2025:1123)	https://access.redhat.com/errata/RHSA-2025:1123
16	access.redhat.com (RHSA-2025:1128)	https://access.redhat.com/errata/RHSA-2025:1128
17	access.redhat.com (RHSA-2025:1225)	https://access.redhat.com/errata/RHSA-2025:1225
18	access.redhat.com (RHSA-2025:1227)	https://access.redhat.com/errata/RHSA-2025:1227
19	access.redhat.com (RHSA-2025:1242)	https://access.redhat.com/errata/RHSA-2025:1242
20	access.redhat.com (RHSA-2025:1451)	https://access.redhat.com/errata/RHSA-2025:1451
21	access.redhat.com (RHSA-2025:2701)	https://access.redhat.com/errata/RHSA-2025:2701
22	bugzilla.redhat.com (2330539)	https://bugzilla.redhat.com/show_bug.cgi?id=2330539
23	github.com (GHSA-p5pg-x43v-mvqj)	https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
24	kb.cert.org (id/952657)	https://kb.cert.org/vuls/id/952657

変更履歴

No	変更内容	変更日
1	[2025年07月18日] 掲載	2025年7月18日17:39
2	[2025年09月22日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日本電気 (NV25-004) を追加	2025年9月22日10:30

構成1	以上	以下	より上	未満
cpe:2.3:a:samba:rsync::::::::				3.3.0
cpe:2.3:a:redhat:openshift:5.0:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.13:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.15:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.16:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.17:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.8_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:::::::*
cpe:2.3:o:almalinux:almalinux:8.0:-::::::
cpe:2.3:o:almalinux:almalinux:9.0:-::::::
cpe:2.3:o:almalinux:almalinux:10.0:-::::::
cpe:2.3:o:archlinux:arch_linux:-:::::::*
cpe:2.3:o:gentoo:linux:-:::::::*
cpe:2.3:o:nixos:nixos::::::::				24.11
cpe:2.3:o:suse:suse_linux:-:::::::*
cpe:2.3:o:tritondatacenter:smartos::::::::				20250123