CVE-2024-12747

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-12747

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-12747.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-12747

Downstream

ALPINE-CVE-2024-12747

BELL-CVE-2024-12747

DEBIAN-CVE-2024-12747

DLA-4015-1

DSA-5843-1

OESA-2025-1060

OESA-2025-1061

OESA-2025-1062

OESA-2025-1063

OESA-2025-1064

RHSA-2025:2600

RHSA-2025:7050

RLSA-2025:2600

RLSA-2025:7050

SUSE-SU-2025:0156-1

SUSE-SU-2025:0157-1

SUSE-SU-2025:0165-1

SUSE-SU-2025:0166-1

SUSE-SU-2025:0991-1

UBUNTU-CVE-2024-12747

USN-7206-1

openSUSE-SU-2025:14665-1

Related

Published

2025-01-14T18:15:25Z

Modified

2025-08-09T20:01:25Z

Summary

[none]

Details

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.

References

Affected packages