Tritondatacenter Smartos vulnerabilities

5 known vulnerabilities affecting tritondatacenter/smartos.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-12084CRITICALCVSS 9.8fixed in 202501232025-01-15
CVE-2024-12084 [CRITICAL] CWE-122 CVE-2024-12084: A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handl A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
nvd
CVE-2024-12087HIGHCVSS 7.5fixed in 202501232025-01-14
CVE-2024-12087 [MEDIUM] CWE-22 CVE-2024-12087: A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursi A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks
nvd
CVE-2024-12088HIGHCVSS 7.5fixed in 202501232025-01-14
CVE-2024-12088 [MEDIUM] CWE-22 CVE-2024-12088: A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
nvd
CVE-2024-12085HIGHCVSS 7.5fixed in 202501232025-01-14
CVE-2024-12085 [HIGH] CWE-908 CVE-2024-12085: A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw all A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
nvd
CVE-2024-12086MEDIUMCVSS 6.8fixed in 202501232025-01-14
CVE-2024-12086 [MEDIUM] CWE-390 CVE-2024-12086: A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file fr A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to
nvd