{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-12-12T13:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2014:0560", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://libvirt.org/news.html"}, {"name": "60895", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60895"}, {"name": "GLSA-201412-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"name": "openSUSE-SU-2014:0674", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"}, {"name": "DSA-3038", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3038"}, {"name": "openSUSE-SU-2014:0650", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"}, {"name": "USN-2366-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2366-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://security.libvirt.org/2014/0003.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:05:39.165Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2014:0560", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://libvirt.org/news.html"}, {"name": "60895", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60895"}, {"name": "GLSA-201412-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"name": "openSUSE-SU-2014:0674", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"}, {"name": "DSA-3038", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3038"}, {"name": "openSUSE-SU-2014:0650", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"}, {"name": "USN-2366-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2366-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://security.libvirt.org/2014/0003.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0179", "datePublished": "2014-08-03T18:00:00.000Z", "dateReserved": "2013-12-03T00:00:00.000Z", "dateUpdated": "2024-08-06T09:05:39.165Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E04748DC-4F9F-4BC2-A3D7-EAC3B73C5A8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5F45083-97C6-466F-9D67-057DDD08CFD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F906DC41-4724-4F81-9402-4EA3BC3F38A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "10857CB9-D8B1-4EB4-8D93-E0DCC05F0C35", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "153AE3B9-F951-4AE5-9456-934E15445054", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "CEE87D15-DA60-4F89-BCFD-9CAB68111D70", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "9BD8C1F3-5920-4684-BD05-6FA88EDAB64F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "60C81865-E1DB-40DA-9BB7-CE32C9EC4561", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "C1DC7BA8-ED6D-42C2-87EC-42F85CD276C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "0AD99520-DF9D-4012-ADDB-14468FDEFB6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "780A2EC8-5D4B-40B0-9A5A-EDC020554D47", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*", "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "97F5B122-AE6D-479F-BC46-66E3F729A7D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6310759E-ADFB-4DF4-8D10-4DDC42D29AE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "7E2B1536-6671-4508-BC7D-6F11408B3CF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "AA7D7BAB-A2EC-4DD9-A7B8-D5806CD5F306", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "94E85C10-0192-46B4-828D-52BAE6A6F69C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "52AF89AC-A906-479F-85AA-E9D47A83778F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D60D834F-926B-416B-AB66-FCD7981DDCF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CB1666DD-AC49-477A-921C-8197F5EFECA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA9572AC-1D6D-4AA1-AEF0-CB9143F38215", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D6B6D6F-6CD3-43C3-B1EC-18DEC89DFDA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BF21D58D-6952-4C72-94C3-32421499AFCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "83403472-4883-4914-846A-3C3E912C5573", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "105130E9-D48E-4FB8-A715-E6438EC7E744", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods."}, {"lang": "es", "value": "libvirt 0.7.5 hasta 1.2.x anterior a 1.2.5 permite a usuarios locales causar una denegaci\u00f3n de servicio (bloqueo de lectura y cuelgue) a trav\u00e9s de un documento XML manipulado que contiene una declaraci\u00f3n de entidad externa XML en conjunto con una referencia de entidad en el m\u00e9todo (1) virConnectCompareCPU o (2) virConnectBaselineCPU API, relacionado con un problema de entidad externa XML (XXE). NOTA: este problema fue dividido (SPLIT) por ADT3 debido a las diferentes versiones afectadas de algunos vectores. CVE-2014-5177 se utiliza para otros m\u00e9todos API."}], "id": "CVE-2014-0179", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-03T18:55:05.630", "references": [{"source": "secalert@redhat.com", "url": "http://libvirt.org/news.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60895"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://security.libvirt.org/2014/0003.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3038"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2366-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libvirt.org/news.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60895"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://security.libvirt.org/2014/0003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2366-1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Upstream acknowledges Daniel P. Berrange and Richard Jones as the original reporters.", "affected_release": [{"advisory": "RHSA-2014:0560", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libvirt-0:0.10.2-29.el6_5.8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-05-27T00:00:00Z"}, {"advisory": "RHSA-2014:0914", "cpe": "cpe:/o:redhat:enterprise_linux:7", "impact": "moderate", "package": "libvirt-0:1.1.1-29.el7_0.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-07-22T00:00:00Z"}], "bugzilla": {"description": "libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read", "id": "1088290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088290"}, "csaw": false, "cvss": {"cvss_base_score": "3.3", "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-611", "details": ["libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.", "It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file (limited to libvirt as shipped with Red Hat Enterprise Linux 7); parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system."], "name": "CVE-2014-0179", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libvirt", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:storage:2.0", "fix_state": "Under investigation", "package_name": "libvirt", "product_name": "Red Hat Storage 2.0"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Under investigation", "package_name": "libvirt", "product_name": "Red Hat Storage 2.1"}], "public_date": "2014-05-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-0179\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0179\nhttp://security.libvirt.org/2014/0003.html"], "statement": "This issue affects the versions of libvirt as shipped with Red Hat Enterprise Linux 5, however the impact is limited to denial of service since it does not support fine grained access control.", "threat_severity": "Moderate"}

{}