CVE-2025-54409

Опубликовано: 14 авг. 2025

Источник: ubuntu

Приоритет: medium

CVSS3: 6.2

Описание

Rajesh Pangare discovered a null pointer dereference vulnerability in AIDE, an advanced intrusion detection system. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service.

Релиз	Статус	Примечание
devel	released	0.19.1-2ubuntu1
esm-infra-legacy/trusty	released	0.16~a2.git20130520-2ubuntu0.1+esm2
esm-infra/bionic	released	0.16-3ubuntu0.1+esm1
esm-infra/focal	released	0.16.1-1ubuntu0.1+esm1
esm-infra/xenial	released	0.16~a2.git20130520-3ubuntu0.1~esm2
jammy	released	0.17.4-1ubuntu0.2
noble	released	0.18.6-2ubuntu0.1
plucky	released	0.18.8-2ubuntu0.1
upstream	released	0.19.2

Показывать по

Ссылки на источники

6.2 Medium

CVSS3

Связанные уязвимости

CVE-2025-54409

CVSS3: 5.5

redhat

15 дней назад

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.

CVE-2025-54409

CVSS3: 6.2

nvd

14 дней назад

CVE-2025-54409

CVSS3: 6.2

debian

14 дней назад

AIDE is an advanced intrusion detection environment. From versions 0.1 ...

6.2 Medium

CVSS3

CVE-2025-54409

Описание

Пакет aide

Ссылки на источники

Связанные уязвимости