CVE-2014-0179

Priority
Description
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a
denial of service (read block and hang) via a crafted XML document
containing an XML external entity declaration in conjunction with an entity
reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API
method, related to an XML External Entity (XXE) issue. NOTE: this issue
was SPLIT per ADT3 due to different affected versions of some vectors.
CVE-2014-5177 is used for other API methods.
Notes
 mdeslaur> non-default configuration
Assigned-to
mdeslaur
More Information

Updated: 2019-03-19 12:13:50 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)