{"id":"AZL-55691","summary":"CVE-2024-12084 affecting package rsync for versions less than 3.4.1-1","details":"A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.","modified":"2026-04-01T05:18:42.627986Z","published":"2025-01-15T15:15:10Z","upstream":["CVE-2024-12084"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-12084"}],"affected":[{"package":{"name":"rsync","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/rsync"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55691.json"}}],"schema_version":"1.7.5"}