CVE-2025-54409

Name: CVE-2025-54409
Description: AIDE is an advanced intrusion detection environment. From version 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing the xattrs group from rules matching files on affected file systems.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-4272-1, DSA-5977-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release                       | Version            | Status
---------------|-------------------------------|--------------------|-----------
aide (PTS)     | bullseye                      | 0.17.3-4+deb11u2   | vulnerable
aide (PTS)     | bullseye (security)           | 0.17.3-4+deb11u3   | fixed
aide (PTS)     | bookworm, bookworm (security) | 0.18.3-1+deb12u4   | fixed
aide (PTS)     | trixie (security), trixie     | 0.19.1-2+deb13u1   | fixed
aide (PTS)     | forky, sid                    | 0.19.2-2           | fixed

The information below is based on the following data on fixed versions.

Package | Type   | Release    | Fixed Version    | Urgency | Origin     | Debian Bugs
--------|--------|------------|------------------|---------|------------|------------
aide    | source | bullseye   | 0.17.3-4+deb11u3 |         | DLA-4272-1 |
aide    | source | bookworm   | 0.18.3-1+deb12u4 |         | DSA-5977-1 |
aide    | source | trixie     | 0.19.1-2+deb13u1 |         | DSA-5977-1 |
aide    | source | (unstable) | 0.19.2-1         |         |            |

Notes

https://www.ipi.fi/pipermail/aide/2025-August/001811.html
https://github.com/aide/aide/security/advisories/GHSA-79g7-f8rv-jcxh
Fixed by: https://github.com/aide/aide/commit/54a6d0d9d5f14b81961d66373c0291bf4af4135a (v0.19.2)
