CVE-2014-0179

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-0179
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.

1.9 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://libvirt.org/news.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html
http://security.libvirt.org/2014/0003.html Patch Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html
http://rhn.redhat.com/errata/RHSA-2014-0560.html Vendor Advisory
http://www.ubuntu.com/usn/USN-2366-1
http://www.debian.org/security/2014/dsa-3038
http://secunia.com/advisories/60895
http://security.gentoo.org/glsa/glsa-201412-04.xml
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.10.2.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Information

Published : 2014-08-03 11:55

Updated : 2023-02-12 16:35

NVD link : CVE-2014-0179

Mitre link : CVE-2014-0179

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

redhat

  • enterprise_virtualization
  • enterprise_linux
  • libvirt

opensuse

  • opensuse