CVE-2014-0179

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://libvirt.org/news.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html
http://rhn.redhat.com/errata/RHSA-2014-0560.html	Vendor Advisory
http://secunia.com/advisories/60895
http://security.gentoo.org/glsa/glsa-201412-04.xml
http://security.libvirt.org/2014/0003.html	Patch Vendor Advisory
http://www.debian.org/security/2014/dsa-3038
http://www.ubuntu.com/usn/USN-2366-1

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:libvirt:0.7.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.7:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.7:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.8:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.6.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.6.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.6.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.7:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.8:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.9:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.10:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.11:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.11.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.11.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.11.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.11.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.11.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.11.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.11.7:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.11.8:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.12:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.13:::::::*
	cpe:2.3:a:redhat:libvirt:0.10.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.10.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.10.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.10.2.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.10.2.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.10.2.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.10.2.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.10.2.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.10.2.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.10.2.7:::::::*
	cpe:2.3:a:redhat:libvirt:0.10.2.8:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.0:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.1:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.2:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.3:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.4:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.5:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.5.1:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.5.2:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.5.3:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.5.4:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.5.5:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.5.6:::::::*
	cpe:2.3:a:redhat:libvirt:1.0.6:::::::*
	cpe:2.3:a:redhat:libvirt:1.1.0:::::::*
	cpe:2.3:a:redhat:libvirt:1.1.1:::::::*
	cpe:2.3:a:redhat:libvirt:1.1.2:::::::*
cpe:2.3:a:redhat:libvirt:1.1.3:::::::*
cpe:2.3:a:redhat:libvirt:1.1.4:::::::*
cpe:2.3:a:redhat:libvirt:1.2.0:::::::*
cpe:2.3:a:redhat:libvirt:1.2.1:::::::*
cpe:2.3:a:redhat:libvirt:1.2.2:::::::*
cpe:2.3:a:redhat:libvirt:1.2.3:::::::*
cpe:2.3:a:redhat:libvirt:1.2.4:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:enterprise_virtualization:3.0:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

History

07 Nov 2023, 02:18

Type	Values Removed	Values Added
Summary	libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.	libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.

Information

Published : 2014-08-03 18:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-0179

Mitre link : CVE-2014-0179

CVE.ORG link : CVE-2014-0179

JSON object : View

Products Affected

redhat

enterprise_linux
enterprise_virtualization
libvirt

opensuse

opensuse

CWE

CWE-20

Improper Input Validation

1.9 /10