CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
89.8%
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga
before 4.0.1, does not properly detect recursion during entity expansion,
which allows remote attackers to cause a denial of service (memory and CPU
consumption) via a crafted PXML document containing a large number of
nested entity references, aka a “billion laughs attack.”
Author | Note |
---|---|
jdstrand | report is against ekiga, but the affected code isn’t in ekiga itself |