Lucene search

[email protected]NVD:CVE-2013-1864

HistoryMay 23, 2014 - 2:55 p.m.

CVE-2013-1864

2014-05-2314:55:09

CWE-119

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

JSON

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a “billion laughs attack.”

Affected configurations

NVD

Node

opalvoipportable_tool_libraryMatch2.10.1

opalvoipportable_tool_libraryMatch2.10.2

opalvoipportable_tool_libraryMatch2.10.7

opalvoipportable_tool_libraryMatch2.10.9

Node

ekigaekigaRange≤4.0.0

Node

susesuse_linux_enterprise_software_development_kitMatch11.0sp3

susesuse_linux_enterprise_desktopMatch11.0sp3

References

lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html

osvdb.org/91439

seclists.org/oss-sec/2013/q1/674

secunia.com/advisories/52659

sourceforge.net/p/opalvoip/code/28856

www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available

www.securityfocus.com/bid/58520

exchange.xforce.ibmcloud.com/vulnerabilities/82885

www.suse.com/support/update/announcement/2014/suse-su-20140237-1.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

JSON

Related for NVD:CVE-2013-1864

debiancve1 prion1 nessus5 cve1 cvelist1 ubuntucve1