CVE-2014-0179
libvirt 0.7.5-1.2.4 - Denial of Service via XML External Entity in virConnectCompareCPU and virConnectBaselineCPU
Title source: llmDescription
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.
References (9)
Core 9
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0560.html
Various Sources x_refsource_confirm
http://libvirt.org/news.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60895
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201412-04.xml
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3038
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2366-1
Patch, Vendor Advisory x_refsource_confirm
http://security.libvirt.org/2014/0003.html
Scores
EPSS
0.0056
EPSS Percentile
42.6%
Details
CWE
CWE-20
Status
published
Products (50)
opensuse/opensuse
12.3
opensuse/opensuse
13.1
redhat/enterprise_linux
6.0
redhat/enterprise_virtualization
3.0
redhat/libvirt
0.7.5
redhat/libvirt
0.7.6
redhat/libvirt
0.7.7
redhat/libvirt
0.8.0
redhat/libvirt
0.8.1
redhat/libvirt
0.8.2
... and 40 more
Published
Aug 03, 2014
Tracked Since
Feb 18, 2026