May 23, 2014 - 2:55 p.m.

CVE-2013-1864

2014-05-23 14:55:09
CWE-119
web.nvd.nist.gov
25
cve-2013-1864
portable tool library
ptlib
ekiga
denial of service
memory consumption
cpu consumption
pxml document
billion laughs attack

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score: 6.5 Medium (Confidence: Low)

EPSS: 0.023 Low (Percentile: 89.8%)

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a “billion laughs attack.”

Affected configurations

NVD
Node
opalvoip portable_tool_library Match 2.10.1
OR
opalvoip portable_tool_library Match 2.10.2
OR
opalvoip portable_tool_library Match 2.10.7
OR
opalvoip portable_tool_library Match 2.10.9
Node
ekiga ekiga Range 4.0.0
Node
suse suse_linux_enterprise_software_development_kit Match 11.0sp3
OR
suse suse_linux_enterprise_desktop Match 11.0sp3
