Buffer overflow in Openstack Compute

CVE-2013-4179

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack…

Vulnerability class: Buffer Overflow

EPSS: 0.007 (71.8th percentile) — read the EPSS interpretation.

Affected products

Openstack Compute — versions 2013.1.3
Openstack Havana — versions havana-1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

RHSA-2013:1199 (x_refsource_REDHAT, vendor-advisory, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Exploit)
USN-2005-1 (x_refsource_UBUNTU, vendor-advisory)