Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-54409

Опубликовано: 14 авг. 2025
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.

A flaw was found in AIDE. This vulnerability allows an attacker to crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user can exploit this issue to cause a local denial of service.

Меры по смягчению последствий

Currently, no mitigation is available for this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10aideFix deferred
Red Hat Enterprise Linux 6aideOut of support scope
Red Hat Enterprise Linux 7aideFix deferred
Red Hat Enterprise Linux 8aideFix deferred
Red Hat Enterprise Linux 9aideFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2388018aide: null pointer dereference allows local DoS

EPSS

Процентиль: 1%
0.00012
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-54409

CVSS3: 6.2
ubuntu
14 дней назад

Rajesh Pangare discovered a null pointer dereference vulnerability in AIDE, an advanced intrusion detection system. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service.

nvd логотип

CVE-2025-54409

CVSS3: 6.2
nvd
14 дней назад

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.

debian логотип

CVE-2025-54409

CVSS3: 6.2
debian
14 дней назад

AIDE is an advanced intrusion detection environment. From versions 0.1 ...

EPSS

Процентиль: 1%
0.00012
Низкий

5.5 Medium

CVSS3