Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2024-12084

created 4 months, 3 weeks ago

Rsync: heap buffer overflow in rsync due to improper checksum length handling

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

Affected products

rhcos

rsync

==3.2.7
*
==3.3.0

Matching in nixpkgs

pkgs.rsync

Fast incremental file transfer utility

nixos-unstable -
- nixpkgs-unstable 3.4.1

pkgs.grsync

Synchronize folders, files and make backups

nixos-unstable -
- nixpkgs-unstable 1.3.1

pkgs.rrsync

Helper to run rsync-only environments from ssh-logins

nixos-unstable -
- nixpkgs-unstable 3.4.1

pkgs.rsyncy

Progress bar wrapper for rsync

nixos-unstable -
- nixpkgs-unstable 2.1.0

pkgs.librsync

Implementation of the rsync remote-delta algorithm

nixos-unstable -
- nixpkgs-unstable 2.3.4

pkgs.diskrsync

Rsync for block devices and disk images

nixos-unstable -
- nixpkgs-unstable 1.3.0

pkgs.ethersync

Real-time co-editing of local text files

nixos-unstable -
- nixpkgs-unstable 0.7.0

pkgs.openrsync

BSD-licensed implementation of rsync

nixos-unstable -
- nixpkgs-unstable 2025-01-27

pkgs.sqlite-rsync

Database remote-copy tool for SQLite

nixos-unstable -
- nixpkgs-unstable 3.50.2

pkgs.vdirsyncerStable

Synchronize calendars and contacts

nixos-unstable -
- nixpkgs-unstable 0.20.0

pkgs.yaziPlugins.rsync

Simple rsync plugin for yazi file manager

nixos-unstable -
- nixpkgs-unstable 0-unstable-2025-06-09

pkgs.vimPlugins.ethersync

Real-time co-editing of local text files

nixos-unstable -
- nixpkgs-unstable 0.7.0

pkgs.python312Packages.sysrsync

Simple and safe system's rsync wrapper for Python

nixos-unstable -
- nixpkgs-unstable 1.1.1

pkgs.python313Packages.sysrsync

Simple and safe system's rsync wrapper for Python

nixos-unstable -
- nixpkgs-unstable 1.1.1

pkgs.python312Packages.vdirsyncer

Synchronize calendars and contacts

nixos-unstable -
- nixpkgs-unstable 0.20.0

pkgs.python313Packages.vdirsyncer

Synchronize calendars and contacts

nixos-unstable -
- nixpkgs-unstable 0.20.0

pkgs.vscode-extensions.ethersync.ethersync

Extension for real-time co-editing of local text files

nixos-unstable -
- nixpkgs-unstable 0.4.0

Package maintainers

@jluttine Jaakko Luttinen <jaakko.luttinen@iki.fi>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@wegank Weijia Wang <contact@weijia.wang>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
@fricklerhandwerk Valentin Gagarin <valentin@fricklerhandwerk.de>
@kuznero Roman Kuznetsov <roman@kuznero.com>
@fgaz Francesco Gazzetta <fgaz@fgaz.me>
@veprbl Dmitry Kalinkin <veprbl@gmail.com>
@stephen-huan Stephen Huan <stephen.huan@cgdct.moe>
@kampfschlaefer Arnold Krille <arnold@arnoldarts.de>
@ivan Ivan Kozik <ivan@ludios.org>
@nycodeghg Marie Ramlow <tabmeier12+nix@gmail.com>
@JohnAZoidberg Daniel Schäfer <git@danielschaefer.me>
@teto Matthieu Coudron <mcoudron@hotmail.com>