CVE-2019-10161

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10161

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10161.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10161

Downstream

ALPINE-CVE-2019-10161

DEBIAN-CVE-2019-10161

DLA-1832-1

DSA-4469-1

RHSA-2019:1578

RHSA-2019:1579

RHSA-2019:1580

RHSA-2019:1699

RHSA-2019:1762

SUSE-SU-2019:14097-1

SUSE-SU-2019:14100-1

SUSE-SU-2019:1599-1

SUSE-SU-2019:1637-1

SUSE-SU-2019:1643-1

SUSE-SU-2019:1686-1

SUSE-SU-2019:1690-1

SUSE-SU-2019:2105-1

SUSE-SU-2019:2227-1

SUSE-SU-2019:2227-2

UBUNTU-CVE-2019-10161

USN-4047-1

USN-4047-2

openSUSE-SU-2019:1672-1

openSUSE-SU-2019:1753-1

openSUSE-SU-2024:11008-1

Related

Published

2019-07-30T23:15:12Z

Modified

2025-08-09T19:01:27Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

References

Affected packages