Ubuntu.com, UB:CVE-2013-1864
May 23, 2014 - 12:00 a.m.

CVE-2013-1864

CVSS2: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.023
Percentile: 89.8%

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga
before 4.0.1, does not properly detect recursion during entity expansion,
which allows remote attackers to cause a denial of service (memory and CPU
consumption) via a crafted PXML document containing a large number of
nested entity references, aka a “billion laughs attack.”

Notes

jdstrand: report is against ekiga, but the affected code isn’t in ekiga itself
