CVE-2013-4179

Openstack Havana < havana-2 - Memory Corruption

Title source: rule

Description

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

References (3)

Scores

EPSS 0.0067
EPSS Percentile 71.0%

Classification

CWE
CWE-119
Status draft

Affected Products (4)

openstack/havana < havana-2
openstack/havana
openstack/compute
pypi/nova < 2013.2PyPI

Timeline

Published Sep 16, 2013
Tracked Since Feb 18, 2026