CVE-2014-0179

CVE Details

Release Date:2014-05-06
Impact:Moderate What is this?

Description


It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file (limited to libvirt as shipped with Red Hat Enterprise Linux 7); parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system.

See more information about CVE-2014-0179 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v2 metrics

Base Score: 3.3
Vector String: AV:A/AC:L/Au:N/C:N/I:N/A:P
Version: 2.0
Attack Vector: Adjacent Network
Attack Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (libvirt)ELSA-2014-05602014-05-27
Oracle Linux version 7 (libvirt)ELSA-2014-09142014-07-23


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete