CVE-2013-4179

Published: Sep 16, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

Affected (3)

Products: Openstack: Havana, Compute

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Havana	Up to havana-2
Openstack Havana	Version havana-1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Compute	Version 2013.1.3

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

http://rhn.redhat.com/errata/RHSA-2013-1199.html

Source: secalert@redhat.com

PatchVendor Advisory

http://www.ubuntu.com/usn/USN-2005-1

Source: secalert@redhat.com

https://bugs.launchpad.net/ossa/+bug/1190229

Source: secalert@redhat.com

Exploit

http://rhn.redhat.com/errata/RHSA-2013-1199.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.ubuntu.com/usn/USN-2005-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/ossa/+bug/1190229

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.