VYPR
Unrated severityNVD Advisory· Published Jul 30, 2019· Updated Aug 4, 2024

CVE-2019-10161

CVE-2019-10161

Description

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

30

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.