CVE-2021-45417
HIGH
Advanced Intrusion Detection Environment - Out-of-Bounds Write
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
References (6)
Core References
Exploit, Mailing List, Mitigation, Patch, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/01/20/3
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5051
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202311-07
Exploit, Mailing List, Mitigation, Patch, Third Party Advisory
https://www.ipi.fi/pipermail/aide/2022-January/001713.html
Exploit, Mailing List, Mitigation, Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/20/3
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
11.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (16)
advanced_intrusion_detection_environment_project/advanced_intrusion_detection_environment
0.13 - 0.17.3
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
20.04
canonical/ubuntu_linux
21.04
canonical/ubuntu_linux
21.10
debian/debian_linux
9.0
debian/debian_linux
10.0
debian/debian_linux
11.0
... and 6 more
Published
Jan 20, 2022
Tracked Since
Feb 18, 2026