CVE-2021-45417

CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

7.8HIGH

EPSS

0.0%

top 88.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment Canonical Ubuntu Linux Debian Debian Linux +4 more

Timeline

PublishedJan 20

Latest updateJan 21

Description

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶Debianaide< 0.17.3-4+deb11u1+3

▶NVDadvanced_intrusion_detection_environment_project/advanced_intrusion_detection_environment0.13 — 0.17.3

▶NVDredhat/ovirt-node4.4.10

▶NVDredhat/virtualization_host4.0

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 35, Ubuntu Linux 14.04, 16.04, 18.04, 20.04, 21.04, 21.10, Enterprise Linux 6.0, 7.0, 8.0

Patches

Patch: www.openwall.com ↗Patch: www.ipi.fi ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-gfm2-8gq5-m3x8: AIDE before 0↗2022-01-21

▶

OSV

CVE-2021-45417: AIDE before 0↗2022-01-20

▶

CVEList

CVE-2021-45417: AIDE before 0↗2022-01-20

▶

📋Vendor Advisories

Ubuntu

AIDE vulnerability↗2022-01-20

▶

Red Hat

aide: heap-based buffer overflow on outputs larger than B64_BUF↗2022-01-20

▶

Ubuntu

AIDE vulnerability↗2022-01-20

▶

Debian

CVE-2021-45417: aide - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file...↗2021

▶