{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/952657#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nRsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write,–safe-links bypass, and symbolic-link race condition.\r\n\r\n### Description\r\nMany backup programs, such as Rclone, DeltaCopy, and ChronoSync use Rsync as backend software for file synchronization. Rsync can also be used in Daemon mode and is widely used in in public mirrors to synchronize and distribute files efficiently across multiple servers.  \r\nFollowing are the discovered vulnerabilities:\r\n\r\n**CVE-2024-12084** A heap-buffer-overflow vulnerability in the Rsync daemon results in improper handling of attacker-controlled checksum lengths (s2length). When the MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out-of-bounds in the sum2 buffer. \r\n\r\n**CVE-2024-12085** When Rsync compares file checksums, a vulnerability in the Rsync daemon can be triggered. An attacker could manipulate the checksum length (s2length) to force a comparison between the checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. \r\n\r\n**CVE-2024-12086** A vulnerability in the Rsync daemon could cause a server to leak the contents of arbitrary files from clients’ machines. This happens when files are copied from client to server. During the process, a malicious Rsync server can generate invalid communication tokens and checksums from data the attacker compares. The comparison will trigger the client to ask the server to resend data, which the server can use to guess a checksum. The server could then reprocess data, byte to byte, to determine the contents of the target file. \r\n\r\n**CVE-2024-12087** A path traversal vulnerability in the Rsync daemon affects the --inc-recursive option, a default-enabled option for many flags that can be enabled by the server even if not explicitly enabled by the client. When using this option, a lack of proper symlink verification coupled with de-duplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could remotely trigger this activity by exploiting symbolic links named after valid client directories/paths.\r\n\r\n**CVE-2024-12088** A --safe-links option vulnerability results in Rsync failing to properly verify whether the symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary files being written outside of the desired directory.\r\n\r\n**CVE-2024-12747** Rsync is vulnerable to a symbolic-link race condition, which may lead to privilege escalation. A user could gain access to privileged files on affected servers. \r\n\r\n### Impact\r\nWhen combined, the first two vulnerabilities (heap buffer overflow and information leak) allow a client to execute arbitrary code on a device that has an Rsync server running. The client requires only anonymous read-access to the server, such as public mirrors.\r\nAdditionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client. Sensitive data, such as SSH keys, can be extracted, and malicious code can be executed by overwriting files such as ~/.bashrc or ~/.popt.\r\n\r\n### Solution\r\nApply the latest patches available at https://github.com/RsyncProject/rsync and https://download.samba.org/pub/rsync/src/. Users should run updates on their software as soon as possible. As Rsync can be distributed bundled, ensure any software that provides such updates is also kept current to address these vulnerabilities.\r\n\r\n### Acknowledgements\r\nThanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google Cloud Vulnerability Research for discovering the first five vulnerabilities; thanks to Aleksei Gorban for discovering the symbolic-link race condition. Finally, thanks to Andrew Tridgell for reporting all of them.\r\nThis document was written by Dr. Elke Drennan, CISSP.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"There is no impact; F5 products are not affected by these vulnerabilities.","title":"Vendor statment from F5 Networks"},{"category":"other","text":"FreeBSD does not ship with rsync as part of the base system. rsync is available as part of the FreeBSD ports/pkg system, but the responsibility for analysis of risk lies with the administrator that chooses to install and configure rsync.","title":"Vendor statment from FreeBSD"},{"category":"other","text":"While HardenedBSD does not ship with rsync, the project's infrastructure uses rsync to sync build artifacts across its mirrors.","title":"Vendor statment from HardenedBSD"},{"category":"other","text":"The NetBSD base system is not affected because it does not ship with rsync.\r\n\r\npkgsrc includes an affected version of rsync as the net/rsync package, and will be updated when rsync upstream releases a fixed version, for all platforms that pkgsrc supports.","title":"Vendor statment from NetBSD"},{"category":"other","text":"SmartOS, an illumos distribution that powers Triton Data Center, ships rsync in the platform image, and it will need to be updated.  Additionally some users opt for the pkgsrc version of rsync, which will also need to be updated, or the pkgsrc revision will need to be updated.\r\n\r\nSmartOS release-20250123 and later have rsync 3.4.1 in them.","title":"Vendor statment from Triton Data Center"},{"category":"other","text":"rsync is not part of illumos per se, but it is part of illumos distributions.  Each distribution that includes rsync will need to issue their own statement.","title":"Vendor statment from Illumos"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/952657"},{"url":"https://github.com/NixOS/nixpkgs/pull/373784","summary":"Reference(s) from vendor \"NixOS\""},{"url":"https://github.com/NixOS/nixpkgs/pull/373811","summary":"Reference(s) from vendor \"NixOS\""},{"url":"https://almalinux.org/blog/2025-01-17-rsync-vulnerabilities/","summary":"Reference(s) from vendor \"AlmaLinux OS Foundation\""}],"title":"Rsync contains six vulnerabilities","tracking":{"current_release_date":"2025-08-25T17:26:38+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#952657","initial_release_date":"2025-01-14 15:06:52.703974+00:00","revision_history":[{"date":"2025-08-25T17:26:38+00:00","number":"1.20250825172638.11","summary":"Released on 2025-08-25T17:26:38+00:00"}],"status":"final","version":"1.20250825172638.11"}},"vulnerabilities":[{"title":"A vulnerability in the heap buffer overflow in checksum parsing allows an attacker to write <= 48 bytes past the sum2 buffer limit.","notes":[{"category":"summary","text":"A vulnerability in the heap buffer overflow in checksum parsing allows an attacker to write <= 48 bytes past the sum2 buffer limit."}],"cve":"CVE-2024-12084","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#952657"}],"references":[{"url":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","summary":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","category":"external"}],"product_status":{"known_affected":["CSAFPID-3a2d3804-348f-11f1-8422-122e2785dc9f","CSAFPID-3a2db356-348f-11f1-8422-122e2785dc9f","CSAFPID-3a2e3830-348f-11f1-8422-122e2785dc9f","CSAFPID-3a2fc9ac-348f-11f1-8422-122e2785dc9f","CSAFPID-3a30161e-348f-11f1-8422-122e2785dc9f","CSAFPID-3a307df2-348f-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-3a2c38f0-348f-11f1-8422-122e2785dc9f","CSAFPID-3a2c8a58-348f-11f1-8422-122e2785dc9f","CSAFPID-3a2ce6e2-348f-11f1-8422-122e2785dc9f","CSAFPID-3a2d742c-348f-11f1-8422-122e2785dc9f","CSAFPID-3a2deaa6-348f-11f1-8422-122e2785dc9f","CSAFPID-3a2e8236-348f-11f1-8422-122e2785dc9f","CSAFPID-3a2ec82c-348f-11f1-8422-122e2785dc9f","CSAFPID-3a2f3b40-348f-11f1-8422-122e2785dc9f","CSAFPID-3a2f8514-348f-11f1-8422-122e2785dc9f","CSAFPID-3a305372-348f-11f1-8422-122e2785dc9f","CSAFPID-3a30b5ba-348f-11f1-8422-122e2785dc9f","CSAFPID-3a30fb06-348f-11f1-8422-122e2785dc9f"]}},{"title":"Info leak via uninitialized stack contents defeats address space layout randomization.","notes":[{"category":"summary","text":"Info leak via uninitialized stack contents defeats address space layout randomization."}],"cve":"CVE-2024-12085","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#952657"}],"references":[{"url":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","summary":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","category":"external"}],"product_status":{"known_affected":["CSAFPID-3a325fb4-348f-11f1-8422-122e2785dc9f","CSAFPID-3a328d36-348f-11f1-8422-122e2785dc9f","CSAFPID-3a32bf90-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3343b6-348f-11f1-8422-122e2785dc9f","CSAFPID-3a34d438-348f-11f1-8422-122e2785dc9f","CSAFPID-3a35102e-348f-11f1-8422-122e2785dc9f","CSAFPID-3a357f32-348f-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-3a31a95c-348f-11f1-8422-122e2785dc9f","CSAFPID-3a31f25e-348f-11f1-8422-122e2785dc9f","CSAFPID-3a323552-348f-11f1-8422-122e2785dc9f","CSAFPID-3a32ea10-348f-11f1-8422-122e2785dc9f","CSAFPID-3a338f88-348f-11f1-8422-122e2785dc9f","CSAFPID-3a33d1f0-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3446c6-348f-11f1-8422-122e2785dc9f","CSAFPID-3a348014-348f-11f1-8422-122e2785dc9f","CSAFPID-3a35c4ec-348f-11f1-8422-122e2785dc9f","CSAFPID-3a360f74-348f-11f1-8422-122e2785dc9f"]}},{"title":"Server leaks arbitrary client files when a client is connected to a malicious server.","notes":[{"category":"summary","text":"Server leaks arbitrary client files when a client is connected to a malicious server."}],"cve":"CVE-2024-12086","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#952657"}],"references":[{"url":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","summary":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","category":"external"}],"product_status":{"known_affected":["CSAFPID-3a377d6e-348f-11f1-8422-122e2785dc9f","CSAFPID-3a37a79e-348f-11f1-8422-122e2785dc9f","CSAFPID-3a37e01a-348f-11f1-8422-122e2785dc9f","CSAFPID-3a389528-348f-11f1-8422-122e2785dc9f","CSAFPID-3a39c4b6-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3a061a-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3a7190-348f-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-3a36bca8-348f-11f1-8422-122e2785dc9f","CSAFPID-3a37073a-348f-11f1-8422-122e2785dc9f","CSAFPID-3a374678-348f-11f1-8422-122e2785dc9f","CSAFPID-3a380ee6-348f-11f1-8422-122e2785dc9f","CSAFPID-3a384c30-348f-11f1-8422-122e2785dc9f","CSAFPID-3a38c908-348f-11f1-8422-122e2785dc9f","CSAFPID-3a390c4c-348f-11f1-8422-122e2785dc9f","CSAFPID-3a39814a-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3a9f6c-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3ad784-348f-11f1-8422-122e2785dc9f"]}},{"title":"A server can make a client write files outside of the destination directory using symbolic links.","notes":[{"category":"summary","text":"A server can make a client write files outside of the destination directory using symbolic links."}],"cve":"CVE-2024-12087","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#952657"}],"references":[{"url":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","summary":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","category":"external"}],"product_status":{"known_affected":["CSAFPID-3a3bc0c2-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3bebec-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3c26b6-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3c893a-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3ddb00-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3e0f94-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3e8dca-348f-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-3a3b3382-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3b699c-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3b9962-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3c5168-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3cc79c-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3d0ba8-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3d61a2-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3d8ad8-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3ecf56-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3eff30-348f-11f1-8422-122e2785dc9f"]}},{"title":"A --safe-links bypass vulnerability can result in a client pointing outside of the destination directory.","notes":[{"category":"summary","text":"A --safe-links bypass vulnerability can result in a client pointing outside of the destination directory."}],"cve":"CVE-2024-12088","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#952657"}],"references":[{"url":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","summary":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","category":"external"}],"product_status":{"known_affected":["CSAFPID-3a403102-348f-11f1-8422-122e2785dc9f","CSAFPID-3a4061c2-348f-11f1-8422-122e2785dc9f","CSAFPID-3a4088dc-348f-11f1-8422-122e2785dc9f","CSAFPID-3a40d9b8-348f-11f1-8422-122e2785dc9f","CSAFPID-3a4249a6-348f-11f1-8422-122e2785dc9f","CSAFPID-3a428542-348f-11f1-8422-122e2785dc9f","CSAFPID-3a432038-348f-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-3a3f9616-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3fcb40-348f-11f1-8422-122e2785dc9f","CSAFPID-3a3ffce6-348f-11f1-8422-122e2785dc9f","CSAFPID-3a40aea2-348f-11f1-8422-122e2785dc9f","CSAFPID-3a41218e-348f-11f1-8422-122e2785dc9f","CSAFPID-3a415d3e-348f-11f1-8422-122e2785dc9f","CSAFPID-3a41bbb2-348f-11f1-8422-122e2785dc9f","CSAFPID-3a41fc94-348f-11f1-8422-122e2785dc9f","CSAFPID-3a436e76-348f-11f1-8422-122e2785dc9f","CSAFPID-3a43cff6-348f-11f1-8422-122e2785dc9f"]}},{"title":"Rsync is vulnerable to a symbolic-link race condition, which may lead to privilege escalation.","notes":[{"category":"summary","text":"Rsync is vulnerable to a symbolic-link race condition, which may lead to privilege escalation. A user could gain access to privileged files on servers where rsync is used to perform local backups."}],"cve":"CVE-2024-12747","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#952657"}],"references":[{"url":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","summary":"https://support.bull.com/ols/product/security/psirt/security-bulletins/vulnerabilities-in-rsync-psirt-1854-tlp-clear-version-0-4-cve-2024-12084-cve-2024-12085-cve-2024-12086-cve-2024-12087-cve-2024-12088-cve-2024-12747/view","category":"external"}],"product_status":{"known_affected":["CSAFPID-3a452266-348f-11f1-8422-122e2785dc9f","CSAFPID-3a45633e-348f-11f1-8422-122e2785dc9f","CSAFPID-3a45a358-348f-11f1-8422-122e2785dc9f","CSAFPID-3a4641fa-348f-11f1-8422-122e2785dc9f","CSAFPID-3a473c90-348f-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-3a446074-348f-11f1-8422-122e2785dc9f","CSAFPID-3a44b45c-348f-11f1-8422-122e2785dc9f","CSAFPID-3a44ee72-348f-11f1-8422-122e2785dc9f","CSAFPID-3a45f358-348f-11f1-8422-122e2785dc9f","CSAFPID-3a468f66-348f-11f1-8422-122e2785dc9f","CSAFPID-3a46ee98-348f-11f1-8422-122e2785dc9f","CSAFPID-3a477598-348f-11f1-8422-122e2785dc9f","CSAFPID-3a47adc4-348f-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"F5 Networks","product":{"name":"F5 Networks Products","product_id":"CSAFPID-3a2c38f0-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-3a2c8a58-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Atos SE","product":{"name":"Atos SE Products","product_id":"CSAFPID-3a2ce6e2-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-3a2d3804-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-3a2d742c-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AlmaLinux OS Foundation","product":{"name":"AlmaLinux OS Foundation Products","product_id":"CSAFPID-3a2db356-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"HardenedBSD","product":{"name":"HardenedBSD Products","product_id":"CSAFPID-3a2deaa6-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NixOS","product":{"name":"NixOS Products","product_id":"CSAFPID-3a2e3830-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-3a2e8236-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Linux Foundation","product":{"name":"Linux Foundation Products","product_id":"CSAFPID-3a2ec82c-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ARM Limited","product":{"name":"ARM Limited Products","product_id":"CSAFPID-3a2efb30-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"FreeBSD","product":{"name":"FreeBSD Products","product_id":"CSAFPID-3a2f3b40-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NetBSD","product":{"name":"NetBSD Products","product_id":"CSAFPID-3a2f8514-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arch Linux","product":{"name":"Arch Linux Products","product_id":"CSAFPID-3a2fc9ac-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Gentoo Linux","product":{"name":"Gentoo Linux Products","product_id":"CSAFPID-3a30161e-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Synology","product":{"name":"Synology Products","product_id":"CSAFPID-3a305372-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Triton Data Center","product":{"name":"Triton Data Center Products","product_id":"CSAFPID-3a307df2-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AMD","product":{"name":"AMD Products","product_id":"CSAFPID-3a30b5ba-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Afero","product":{"name":"Afero Products","product_id":"CSAFPID-3a30fb06-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"F5 Networks","product":{"name":"F5 Networks Products","product_id":"CSAFPID-3a31a95c-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-3a31f25e-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Atos SE","product":{"name":"Atos SE Products","product_id":"CSAFPID-3a323552-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-3a325fb4-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-3a328d36-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AlmaLinux OS Foundation","product":{"name":"AlmaLinux OS Foundation Products","product_id":"CSAFPID-3a32bf90-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"HardenedBSD","product":{"name":"HardenedBSD Products","product_id":"CSAFPID-3a32ea10-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NixOS","product":{"name":"NixOS Products","product_id":"CSAFPID-3a3343b6-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-3a338f88-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Linux Foundation","product":{"name":"Linux Foundation Products","product_id":"CSAFPID-3a33d1f0-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ARM Limited","product":{"name":"ARM Limited Products","product_id":"CSAFPID-3a33fe14-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"FreeBSD","product":{"name":"FreeBSD Products","product_id":"CSAFPID-3a3446c6-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NetBSD","product":{"name":"NetBSD Products","product_id":"CSAFPID-3a348014-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arch Linux","product":{"name":"Arch Linux Products","product_id":"CSAFPID-3a34d438-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Gentoo Linux","product":{"name":"Gentoo Linux Products","product_id":"CSAFPID-3a35102e-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Synology","product":{"name":"Synology Products","product_id":"CSAFPID-3a354648-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Triton Data Center","product":{"name":"Triton Data Center Products","product_id":"CSAFPID-3a357f32-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AMD","product":{"name":"AMD Products","product_id":"CSAFPID-3a35c4ec-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Afero","product":{"name":"Afero Products","product_id":"CSAFPID-3a360f74-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"F5 Networks","product":{"name":"F5 Networks Products","product_id":"CSAFPID-3a36bca8-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-3a37073a-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Atos SE","product":{"name":"Atos SE Products","product_id":"CSAFPID-3a374678-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-3a377d6e-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-3a37a79e-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AlmaLinux OS Foundation","product":{"name":"AlmaLinux OS Foundation Products","product_id":"CSAFPID-3a37e01a-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"FreeBSD","product":{"name":"FreeBSD Products","product_id":"CSAFPID-3a380ee6-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"HardenedBSD","product":{"name":"HardenedBSD Products","product_id":"CSAFPID-3a384c30-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NixOS","product":{"name":"NixOS Products","product_id":"CSAFPID-3a389528-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-3a38c908-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Linux Foundation","product":{"name":"Linux Foundation Products","product_id":"CSAFPID-3a390c4c-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ARM Limited","product":{"name":"ARM Limited Products","product_id":"CSAFPID-3a394eaa-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NetBSD","product":{"name":"NetBSD Products","product_id":"CSAFPID-3a39814a-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arch Linux","product":{"name":"Arch Linux Products","product_id":"CSAFPID-3a39c4b6-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Gentoo Linux","product":{"name":"Gentoo Linux Products","product_id":"CSAFPID-3a3a061a-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Synology","product":{"name":"Synology Products","product_id":"CSAFPID-3a3a4436-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Triton Data Center","product":{"name":"Triton Data Center Products","product_id":"CSAFPID-3a3a7190-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AMD","product":{"name":"AMD Products","product_id":"CSAFPID-3a3a9f6c-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Afero","product":{"name":"Afero Products","product_id":"CSAFPID-3a3ad784-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Atos SE","product":{"name":"Atos SE Products","product_id":"CSAFPID-3a3b3382-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"F5 Networks","product":{"name":"F5 Networks Products","product_id":"CSAFPID-3a3b699c-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-3a3b9962-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-3a3bc0c2-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-3a3bebec-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AlmaLinux OS Foundation","product":{"name":"AlmaLinux OS Foundation Products","product_id":"CSAFPID-3a3c26b6-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"HardenedBSD","product":{"name":"HardenedBSD Products","product_id":"CSAFPID-3a3c5168-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NixOS","product":{"name":"NixOS Products","product_id":"CSAFPID-3a3c893a-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-3a3cc79c-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Linux Foundation","product":{"name":"Linux Foundation Products","product_id":"CSAFPID-3a3d0ba8-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ARM Limited","product":{"name":"ARM Limited Products","product_id":"CSAFPID-3a3d3754-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"FreeBSD","product":{"name":"FreeBSD Products","product_id":"CSAFPID-3a3d61a2-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NetBSD","product":{"name":"NetBSD Products","product_id":"CSAFPID-3a3d8ad8-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arch Linux","product":{"name":"Arch Linux Products","product_id":"CSAFPID-3a3ddb00-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Gentoo Linux","product":{"name":"Gentoo Linux Products","product_id":"CSAFPID-3a3e0f94-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Synology","product":{"name":"Synology Products","product_id":"CSAFPID-3a3e4c84-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Triton Data Center","product":{"name":"Triton Data Center Products","product_id":"CSAFPID-3a3e8dca-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AMD","product":{"name":"AMD Products","product_id":"CSAFPID-3a3ecf56-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Afero","product":{"name":"Afero Products","product_id":"CSAFPID-3a3eff30-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"F5 Networks","product":{"name":"F5 Networks Products","product_id":"CSAFPID-3a3f9616-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-3a3fcb40-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Atos SE","product":{"name":"Atos SE Products","product_id":"CSAFPID-3a3ffce6-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-3a403102-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-3a4061c2-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AlmaLinux OS Foundation","product":{"name":"AlmaLinux OS Foundation Products","product_id":"CSAFPID-3a4088dc-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"HardenedBSD","product":{"name":"HardenedBSD Products","product_id":"CSAFPID-3a40aea2-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NixOS","product":{"name":"NixOS Products","product_id":"CSAFPID-3a40d9b8-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-3a41218e-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Linux Foundation","product":{"name":"Linux Foundation Products","product_id":"CSAFPID-3a415d3e-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ARM Limited","product":{"name":"ARM Limited Products","product_id":"CSAFPID-3a418e8a-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"FreeBSD","product":{"name":"FreeBSD Products","product_id":"CSAFPID-3a41bbb2-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NetBSD","product":{"name":"NetBSD Products","product_id":"CSAFPID-3a41fc94-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arch Linux","product":{"name":"Arch Linux Products","product_id":"CSAFPID-3a4249a6-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Gentoo Linux","product":{"name":"Gentoo Linux Products","product_id":"CSAFPID-3a428542-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Synology","product":{"name":"Synology Products","product_id":"CSAFPID-3a42de84-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Triton Data Center","product":{"name":"Triton Data Center Products","product_id":"CSAFPID-3a432038-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AMD","product":{"name":"AMD Products","product_id":"CSAFPID-3a436e76-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Afero","product":{"name":"Afero Products","product_id":"CSAFPID-3a43cff6-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"F5 Networks","product":{"name":"F5 Networks Products","product_id":"CSAFPID-3a446074-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-3a44b45c-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Atos SE","product":{"name":"Atos SE Products","product_id":"CSAFPID-3a44ee72-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-3a452266-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-3a45633e-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AlmaLinux OS Foundation","product":{"name":"AlmaLinux OS Foundation Products","product_id":"CSAFPID-3a45a358-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"HardenedBSD","product":{"name":"HardenedBSD Products","product_id":"CSAFPID-3a45f358-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NixOS","product":{"name":"NixOS Products","product_id":"CSAFPID-3a4641fa-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-3a468f66-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"FreeBSD","product":{"name":"FreeBSD Products","product_id":"CSAFPID-3a46ee98-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Triton Data Center","product":{"name":"Triton Data Center Products","product_id":"CSAFPID-3a473c90-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AMD","product":{"name":"AMD Products","product_id":"CSAFPID-3a477598-348f-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Afero","product":{"name":"Afero Products","product_id":"CSAFPID-3a47adc4-348f-11f1-8422-122e2785dc9f"}}]}}