NULL Pointer Dereference Affecting aide package, versions <0.16~a2.git20130520-3ubuntu0.1~esm2
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about NULL Pointer Dereference vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-UBUNTU1604-AIDE-11808516
- published15 Aug 2025
- disclosed14 Aug 2025
Introduced: 14 Aug 2025
NewCVE-2025-54409 (opens in a new tab)How to fix?
Upgrade Ubuntu:16.04 aide to version 0.16a2.git20130520-3ubuntu0.1esm2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream aide package and not the aide package as distributed by Ubuntu.
See How to fix? for Ubuntu:16.04 relevant fixed versions and status.
AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.