Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66431.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-66431
Upstream
Published
2025-08-14T16:15:39Z
Modified
2026-04-21T04:37:52.178135Z
Summary
CVE-2025-54409 affecting package aide for versions less than 0.16-17
Details

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.

References

Affected packages

Azure Linux:2 / aide

Package

Name
aide
Purl
pkg:rpm/azure-linux/aide

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.16-17

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66431.json"