Severity: 1.9 LOW
EPSS: 0.1% (top 71.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 3; latest update May 14

Description

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.

CVSS vector

AV:L/AC:M/C:N/I:N/A:P
Exploitability: 3.4 | Impact: 2.9

Affected Packages (5 packages)

Debian: libvirt < 1.2.4-1 (+3)
Ubuntu: libvirt < 1.2.2-0ubuntu13.1.5
NVD: redhat/libvirt, 71 versions (+70)
NVD: opensuse/opensuse 12.3, 13.1 (+1)

Also affects: Enterprise Linux 6.0

Patches

Vulnerability Details (4)

GHSA: GHSA-chq6-pgcm-wg35: libvirt 0 (2022-05-14)
OSV: libvirt vulnerabilities (2014-09-30)
CVEList: CVE-2014-0179: libvirt 0 (2014-08-03)
OSV: CVE-2014-0179: libvirt 0 (2014-08-03)

Vendor Advisories (3)

Ubuntu: libvirt vulnerabilities (2014-09-30)
Red Hat: libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read (2014-05-06)
Debian: CVE-2014-0179: libvirt - libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of... (2014)

Community (2)

Bugzilla: CVE-2014-0179 libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read [fedora-all] (2014-05-06)
Bugzilla: CVE-2014-0179 CVE-2014-5177 libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read (2014-04-16)
CVE-2014-0179 (LOW CVSS 1.9) | libvirt 0.7.5 through 1.2.x before | cvebase.io