From c8e8690bec458c37b982bc7603dc2808935f338a Mon Sep 17 00:00:00 2001
From: anolis-bot
Date: Tue, 21 Jan 2025 16:59:03 +0800
Subject: [PATCH] update cve CVE-2024-12084

---
 data/cve/CVE-2024-12084.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/data/cve/CVE-2024-12084.json b/data/cve/CVE-2024-12084.json
index b578bc6af7..a514ac8c28 100644
--- a/data/cve/CVE-2024-12084.json
+++ b/data/cve/CVE-2024-12084.json
@@ -51,19 +51,19 @@
 "rsync"
 ],
 "score": 9.8,
- "severity": "None",
+ "severity": "Critical",
 "status": 1,
 "source": "Mitre",
 "cve_source_link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12084",
 "abstract": "A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.",
- "description": null,
+ "description": "This vulnerability only affects a limited range of Rsync versions, rsync-3.2.7 and rsync-3.3.0. Red Hat Enterprise Linux does not ship these versions of Rsync and is not affected.",
 "issue": null,
- "acknowledgements": null,
- "acknowledgements_en": null,
+ "acknowledgements": "",
+ "acknowledgements_en": "",
 "reference": null,
 "diagnose": null,
 "statement": null,
 "mitigation": null,
- "update_user": null,
+ "update_user": "Shiloong",
 "errata": []
 }
\ No newline at end of file
-- Gitee
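Review bot: The new `description` text states another vendor's exposure ("Red Hat Enterprise Linux does not ship these versions of Rsync and is not affected") on a record that this same hunk marks `"severity": "Critical"` with score 9.8. Someone triaging from this file cannot tell whether the rsync package of the distribution this feed serves (apparently Anolis, judging by the commit author) falls in the affected rsync-3.2.7 / rsync-3.3.0 range, and may read "not affected" as applying to their own systems. The vendor-specific sentence would fit better in `statement`, which is still `null` here, rewritten for the shipped package, e.g. `"statement": "<affectedness of this distribution's shipped rsync version>",`, leaving `description` for the version-range sentence only. Separately, `acknowledgements` and `acknowledgements_en` change from `null` to `""` while `reference`, `diagnose` and `mitigation` stay `null`, so the record now has two representations of "no value"; keeping `null` throughout would be consistent.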