CVE-2013-1864

CWE-119: Buffer Overflow | 5 documents | 5 sources
Severity: 4.3 MEDIUM
EPSS: 2.7% (top 14.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 23
Latest update: May 17

Description

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-4hmc-wjwv-5gj5: The Portable Tool Library (aka PTLib) before 2 | 2022-05-17
CVEList
CVE-2013-1864: The Portable Tool Library (aka PTLib) before 2 | 2014-05-23

📋 Vendor Advisories

1
Red Hat
ptlib: denial of service processing certain XML documents | 2013-01-09

💬 Community

1
Bugzilla
CVE-2013-1864 ptlib: denial of service processing certain XML documents | 2013-03-15