CVE-2013-1664
bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
OpenStack Keystone Essex, Folsom, y Grizzly; Compute (Nova) Essex y Folsom, Folsom y Cinder permite a atacantes remotos provocar una denegación de servicio (consumo de recursos y caída) mediante un ataque de Entidad de expansión XML(XEE).
Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-02-13 CVE Reserved
- 2013-04-03 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html | X_refsource_confirm | |
| http://bugs.python.org/issue17239 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2013/02/19/2 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2013/02/19/4 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://bugs.launchpad.net/nova/+bug/1100282 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html | 2013-05-15 | |
| http://rhn.redhat.com/errata/RHSA-2013-0657.html | 2013-05-15 | |
| http://rhn.redhat.com/errata/RHSA-2013-0658.html | 2013-05-15 | |
| http://rhn.redhat.com/errata/RHSA-2013-0670.html | 2013-05-15 | |
| http://ubuntu.com/usn/usn-1757-1 | 2013-05-15 | |
| https://access.redhat.com/security/cve/CVE-2013-1664 | 2013-03-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=913808 | 2013-03-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Cinder Folsom Search vendor "Openstack" for product "Cinder Folsom" | - | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Compute \(nova\) Essex Search vendor "Openstack" for product "Compute \(nova\) Essex" | - | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Compute \(nova\) Folsom Search vendor "Openstack" for product "Compute \(nova\) Folsom" | - | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Folsom Search vendor "Openstack" for product "Folsom" | - | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Grizzly Search vendor "Openstack" for product "Grizzly" | - | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Keystone Essex Search vendor "Openstack" for product "Keystone Essex" | - | - |
Affected
| ||||||