Vulnerability details: VCID-494p-s8zb-aaaj
Vulnerability ID VCID-494p-s8zb-aaaj
Aliases CVE-2021-45417
Summary AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:0440
rhas Important https://access.redhat.com/errata/RHSA-2022:0441
rhas Important https://access.redhat.com/errata/RHSA-2022:0456
rhas Important https://access.redhat.com/errata/RHSA-2022:0464
rhas Important https://access.redhat.com/errata/RHSA-2022:0472
rhas Important https://access.redhat.com/errata/RHSA-2022:0473
rhas Important https://access.redhat.com/errata/RHSA-2022:0540
rhas Important https://access.redhat.com/errata/RHSA-2022:1263
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45417.json
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-45417
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2021-45417
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2021-45417
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2021-45417
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2021-45417
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=2041489
cvssv3.1 7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-45417
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45417
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45417
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45417.json
https://api.first.org/data/v1/epss?cve=CVE-2021-45417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45417
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html
https://www.debian.org/security/2022/dsa-5051
https://www.ipi.fi/pipermail/aide/2022-January/001713.html
https://www.openwall.com/lists/oss-security/2022/01/20/3
http://www.openwall.com/lists/oss-security/2022/01/20/3
2041489 https://bugzilla.redhat.com/show_bug.cgi?id=2041489
cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-node:4.4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ovirt-node:4.4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVE-2021-45417 https://nvd.nist.gov/vuln/detail/CVE-2021-45417
GLSA-202311-07 https://security.gentoo.org/glsa/202311-07
RHSA-2022:0440 https://access.redhat.com/errata/RHSA-2022:0440
RHSA-2022:0441 https://access.redhat.com/errata/RHSA-2022:0441
RHSA-2022:0456 https://access.redhat.com/errata/RHSA-2022:0456
RHSA-2022:0464 https://access.redhat.com/errata/RHSA-2022:0464
RHSA-2022:0472 https://access.redhat.com/errata/RHSA-2022:0472
RHSA-2022:0473 https://access.redhat.com/errata/RHSA-2022:0473
RHSA-2022:0540 https://access.redhat.com/errata/RHSA-2022:0540
RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263
USN-5243-1 https://usn.ubuntu.com/5243-1/
USN-5243-2 https://usn.ubuntu.com/5243-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45417.json
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2021-45417
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-45417
Exploit Prediction Scoring System (EPSS)
Percentile 0.05268
EPSS Score 0.0003
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.