Vulnerabilities > CVE-2021-45417 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

advanced-intrusion-detection-environment-project

NVD

Published: 2022-01-20

Updated: 2023-11-25

Summary

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Vulnerable Configurations

Part	Description	Count
Application	Advanced_Intrusion_Detection_Environment_Project Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.13 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.13.1 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.14 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.14.1 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.14.2 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.15 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.15.1 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.16 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.16.1 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.16.2 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.17 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.17.1 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.17.2 Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment 0.17.3	24
Application	Redhat Redhat Virtualization Host 4.0 Redhat Ovirt Node 4.4.10	2
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 6.0 Redhat Enterprise Linux 8.0	3
OS	Fedoraproject Fedoraproject Fedora 35	1
OS	Canonical Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 20.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 21.04 Canonical Ubuntu Linux 21.10	6
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.