{"id":"AZL-66431","summary":"CVE-2025-54409 affecting package aide for versions less than 0.16-17","details":"AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.","modified":"2026-04-21T04:37:52.178135Z","published":"2025-08-14T16:15:39Z","upstream":["CVE-2025-54409"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54409"}],"affected":[{"package":{"name":"aide","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/aide"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.16-17"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66431.json"}}],"schema_version":"1.7.5"}