{"api_version":"1","generated_at":"2026-04-22T23:31:36+00:00","cve":"CVE-2021-45417","urls":{"html":"https://cve.report/CVE-2021-45417","api":"https://cve.report/api/cve/CVE-2021-45417.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-45417","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-45417"},"summary":{"title":"CVE-2021-45417","description":"AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-01-20 18:15:00","updated_at":"2023-11-25 09:15:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://www.debian.org/security/2022/dsa-5051","name":"DSA-5051","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5051-1 aide","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.openwall.com/lists/oss-security/2022/01/20/3","name":"https://www.openwall.com/lists/oss-security/2022/01/20/3","refsource":"MISC","tags":[],"title":"oss-security - CVE-2021-45417 - aide (>= 0.13 <= 0.17.3): heap-based buffer\n overflow vulnerability in base64 functions","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ipi.fi/pipermail/aide/2022-January/001713.html","name":"https://www.ipi.fi/pipermail/aide/2022-January/001713.html","refsource":"MISC","tags":[],"title":"[Aide] CVE-2021-45417 - aide (>= 0.13 <= 0.17.3): heap-based buffer overflow vulnerability in base64 functions","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html","name":"[debian-lts-announce] 20220125 [SECURITY] [DLA 2894-1] aide security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2894-1] aide security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202311-07","name":"GLSA-202311-07","refsource":"","tags":[],"title":"AIDE: Root Privilege Escalation (GLSA 202311-07) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2022/01/20/3","name":"[oss-security] 20220120 CVE-2021-45417 - aide (>= 0.13 <= 0.17.3): heap-based buffer overflow vulnerability in base64 functions","refsource":"MLIST","tags":[],"title":"oss-security - CVE-2021-45417 - aide (>= 0.13 <= 0.17.3): heap-based buffer\n overflow vulnerability in base64 functions","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-45417","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45417","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"0.17.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"advanced_intrusion_detection_environment_project","cpe5":"advanced_intrusion_detection_environment","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"20.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"21.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"21.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"ovirt-node","cpe6":"4.4.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"virtualization_host","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-45417","qid":"159627","title":"Oracle Enterprise Linux Security Update for aide (ELSA-2022-0441)"},{"cve":"CVE-2021-45417","qid":"159629","title":"Oracle Enterprise Linux Security Update for aide (ELSA-2022-0473)"},{"cve":"CVE-2021-45417","qid":"159643","title":"Oracle Enterprise Linux Security Update for aide (ELSA-2022-9165)"},{"cve":"CVE-2021-45417","qid":"179011","title":"Debian Security Update for aide (DSA 5051-1)"},{"cve":"CVE-2021-45417","qid":"179026","title":"Debian Security Update for aide (DLA 2894-1)"},{"cve":"CVE-2021-45417","qid":"182488","title":"Debian Security Update for aide (CVE-2021-45417)"},{"cve":"CVE-2021-45417","qid":"198639","title":"Ubuntu Security Notification for AIDE Vulnerability (USN-5243-1)"},{"cve":"CVE-2021-45417","qid":"240065","title":"Red Hat Update for aide (RHSA-2022:0441)"},{"cve":"CVE-2021-45417","qid":"240066","title":"Red Hat Update for aide (RHSA-2022:0440)"},{"cve":"CVE-2021-45417","qid":"240070","title":"Red Hat Update for aide (RHSA-2022:0456)"},{"cve":"CVE-2021-45417","qid":"240071","title":"Red Hat Update for aide (RHSA-2022:0473)"},{"cve":"CVE-2021-45417","qid":"240446","title":"Red Hat Update for aide (RHSA-2022:0464)"},{"cve":"CVE-2021-45417","qid":"257152","title":"CentOS Security Update for aide (CESA-2022:0473)"},{"cve":"CVE-2021-45417","qid":"353950","title":"Amazon Linux Security Advisory for aide : ALAS-2022-1587"},{"cve":"CVE-2021-45417","qid":"354063","title":"Amazon Linux Security Advisory for aide : ALAS2-2022-1850"},{"cve":"CVE-2021-45417","qid":"377155","title":"Alibaba Cloud Linux Security Update for aide (ALINUX3-SA-2022:0009)"},{"cve":"CVE-2021-45417","qid":"377197","title":"Alibaba Cloud Linux Security Update for aide (ALINUX2-SA-2022:0011)"},{"cve":"CVE-2021-45417","qid":"671443","title":"EulerOS Security Update for aide (EulerOS-SA-2022-1421)"},{"cve":"CVE-2021-45417","qid":"671466","title":"EulerOS Security Update for aide (EulerOS-SA-2022-1442)"},{"cve":"CVE-2021-45417","qid":"671593","title":"EulerOS Security Update for aide (EulerOS-SA-2022-1556)"},{"cve":"CVE-2021-45417","qid":"671619","title":"EulerOS Security Update for aide (EulerOS-SA-2022-1656)"},{"cve":"CVE-2021-45417","qid":"671629","title":"EulerOS Security Update for aide (EulerOS-SA-2022-1642)"},{"cve":"CVE-2021-45417","qid":"671682","title":"EulerOS Security Update for aide (EulerOS-SA-2022-1702)"},{"cve":"CVE-2021-45417","qid":"690777","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for aide (309c35f4-7c9f-11ec-a739-206a8a720317)"},{"cve":"CVE-2021-45417","qid":"710795","title":"Gentoo Linux AIDE Root Privilege Escalation Vulnerability (GLSA 202311-07)"},{"cve":"CVE-2021-45417","qid":"751627","title":"SUSE Enterprise Linux Security Update for aide (SUSE-SU-2022:0145-1)"},{"cve":"CVE-2021-45417","qid":"751634","title":"SUSE Enterprise Linux Security Update for aide (SUSE-SU-2022:0150-1)"},{"cve":"CVE-2021-45417","qid":"751636","title":"OpenSUSE Security Update for aide (openSUSE-SU-2022:0150-1)"},{"cve":"CVE-2021-45417","qid":"751751","title":"OpenSUSE Security Update for aide (openSUSE-SU-2022:0150-2)"},{"cve":"CVE-2021-45417","qid":"753126","title":"SUSE Enterprise Linux Security Update for aide (SUSE-SU-2022:14879-1)"},{"cve":"CVE-2021-45417","qid":"940450","title":"AlmaLinux Security Update for aide (ALSA-2022:0441)"},{"cve":"CVE-2021-45417","qid":"960110","title":"Rocky Linux Security Update for aide (RLSA-2022:441)"},{"cve":"CVE-2021-45417","qid":"960757","title":"Rocky Linux Security Update for aide (RLSA-2022:0441)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-45417","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.openwall.com/lists/oss-security/2022/01/20/3","url":"https://www.openwall.com/lists/oss-security/2022/01/20/3"},{"refsource":"MLIST","name":"[oss-security] 20220120 CVE-2021-45417 - aide (>= 0.13 <= 0.17.3): heap-based buffer overflow vulnerability in base64 functions","url":"http://www.openwall.com/lists/oss-security/2022/01/20/3"},{"refsource":"DEBIAN","name":"DSA-5051","url":"https://www.debian.org/security/2022/dsa-5051"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220125 [SECURITY] [DLA 2894-1] aide security update","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html"},{"refsource":"MISC","name":"https://www.ipi.fi/pipermail/aide/2022-January/001713.html","url":"https://www.ipi.fi/pipermail/aide/2022-January/001713.html"}]}},"nvd":{"publishedDate":"2022-01-20 18:15:00","lastModifiedDate":"2023-11-25 09:15:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:*:*:*:*:*:*:*:*","versionStartIncluding":"0.13","versionEndIncluding":"0.17.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:ovirt-node:4.4.10:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"45417","Ordinal":"223541","Title":"CVE-2021-45417","CVE":"CVE-2021-45417","Year":"2021"},"notes":[]}}}