Buffer overflow in OpenStack Cinder Folsom
CVE-2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a…
Vulnerability class: Buffer Overflow
EPSS: 0.039 (88.6th percentile)
Affected products
Weakness classification (CWE)
Public proof-of-concept exploits
References
- [oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 (mailing-list, x_refsource_MLIST)
- [openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) (Vendor Advisory, mailing-list, x_refsource_MLIST)
- RHSA-2013:0658 (x_refsource_REDHAT, vendor-advisory)
- [oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) (mailing-list, x_refsource_MLIST)
- USN-1757-1 (x_refsource_UBUNTU, vendor-advisory)
- RHSA-2013:0657 (x_refsource_REDHAT, vendor-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Exploit)
- cve@mitre.org (x_refsource_CONFIRM)
- RHSA-2013:0670 (x_refsource_REDHAT, vendor-advisory)
- cve@mitre.org (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2013-1664?
- CVE-2013-1664 is a vulnerability in OpenStack Cinder Folsom, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-04-03.
- Is CVE-2013-1664 known to be exploited?
- 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.