[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2014-0179Date: (C)2014-08-01   (M)2018-06-27


libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 1.9
Exploit Score: 3.4
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-60895
DSA-3038
GLSA-201412-04
RHSA-2014:0560
USN-2366-1
http://libvirt.org/news.html
http://security.libvirt.org/2014/0003.html
openSUSE-SU-2014:0650
openSUSE-SU-2014:0674

CPE    75
cpe:/a:redhat:enterprise_virtualization:3.0
cpe:/a:redhat:libvirt:1.2.1
cpe:/a:redhat:libvirt:1.0.5
cpe:/a:redhat:libvirt:1.2.3
...
CWE    1
CWE-20
OVAL    12
oval:org.secpod.oval:def:501347
oval:org.secpod.oval:def:702234
oval:org.secpod.oval:def:108431
oval:org.secpod.oval:def:203328
...

© SecPod Technologies