CVE-2024-12085 PoC — Rsync: info leak via uninitialized stack contents

Associated Vulnerability
Title: Rsync: info leak via uninitialized stack contents (CVE-2024-12085)
Description: A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Readme
# CVE-2024-12085 Infoleak exploit

Note: this exploit is not versatile! The target module and checksums are hardcoded. Automatic checksum calculation has yet to be implemented.

## Miscellaneous files

`port-forwarding.py` is modified from https://gist.github.com/WangYihang/e7d36b744557e4673d2157499f6c6b5e. It's used to capture traffic between the rsync server and client.

`checksum.py` is my attempt at implementing automatic checksum calculation. I didn't have enough time to finish it.

`test.sh` is a script used to test heap allocations in rsync.

File Snapshot

[4.0K] /data/pocs/2a3e235a98a94075782815e1fa3e8063996b63a4
├── [ 633] checksum.py
├── [4.2K] exploit.py
├── [4.2K] port-forwarding.py
├── [ 549] README.md
└── [1.5K] test.sh

0 directories, 5 files