Improper input validation in Opensuse

CVE-2014-0179

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virC…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (28.4th percentile) — read the EPSS interpretation.

Affected products

Opensuse — versions 12.3, 13.1
Redhat Enterprise_linux — versions 6.0
Redhat Enterprise_virtualization — versions 3.0
Redhat Libvirt — versions 0.7.5, 0.7.6, 0.7.7
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

RHSA-2014:0560 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
60895 (x_refsource_SECUNIA, third-party-advisory)
GLSA-201412-04 (vendor-advisory, x_refsource_GENTOO)
openSUSE-SU-2014:0674 (vendor-advisory, x_refsource_SUSE)
DSA-3038 (vendor-advisory, x_refsource_DEBIAN)
openSUSE-SU-2014:0650 (vendor-advisory, x_refsource_SUSE)
USN-2366-1 (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)