A heap-based buffer overflow vulnerability exists in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACLs. A local user might exploit this flaw for root privilege escalation.
Created aide tracking bugs for this issue: Affects: fedora-all [bug 2043054]
Upstream Patch: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc
Upstream Release: https://github.com/aide/aide/releases/tag/v0.17.4
Created oVirt tracking bug for this issue: Affects: oVirt Node 4.4 [bug 2043471]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0440 https://access.redhat.com/errata/RHSA-2022:0440
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0441 https://access.redhat.com/errata/RHSA-2022:0441
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0456 https://access.redhat.com/errata/RHSA-2022:0456
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0464 https://access.redhat.com/errata/RHSA-2022:0464
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2022:0472 https://access.redhat.com/errata/RHSA-2022:0472
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0473 https://access.redhat.com/errata/RHSA-2022:0473
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:0540 https://access.redhat.com/errata/RHSA-2022:0540
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-45417
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263