VDB
ALPINE-CVE-2019-10161
ALPINE-CVE-2019-10161
PUBLISHED
CVSS 7.800000190734863 HIGH
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.7 | libvirt | 3.9.0-r1, 3.9.0-r0, 3.8.0-r0 |
| Alpine:v3.11 | libvirt | 1.3.5-r2, 0, 0.10.0-r0 |
| Alpine:v3.10 | libvirt | 1.2.0-r4, 1.2.1-r0, 1.2.10-r0 |
| Alpine:v3.8 | libvirt | 1.0.4-r0, 0.8.6-r0, 0 |
| Alpine:v3.12 | libvirt | 5.4.0-r0, 1.2.3-r0, 1.2.3-r1 |
| Alpine:v3.9 | libvirt | 4.6.0-r0, 4.5.0-r0, 4.4.0-r0 |
Timeline
- Jul 30, 2019 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch