CVE-2013-1864

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
opalvoipportable_tool_library
2.10.1
opalvoipportable_tool_library
2.10.2
opalvoipportable_tool_library
2.10.7
opalvoipportable_tool_library
2.10.9
ekigaekiga
𝑥
≤ 4.0.0
susesuse_linux_enterprise_software_development_kit
11.0:sp3
susesuse_linux_enterprise_desktop
11.0:sp3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ptlib
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
not-affected
raring
not-affected
quantal
ignored
precise
ignored
oneiric
ignored
lucid
ignored
hardy
dne
pwlib
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
saucy
dne
raring
dne
quantal
dne
precise
ignored
oneiric
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html
http://osvdb.org/91439
http://seclists.org/oss-sec/2013/q1/674
http://secunia.com/advisories/52659
http://sourceforge.net/p/opalvoip/code/28856
http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available
http://www.securityfocus.com/bid/58520
https://exchange.xforce.ibmcloud.com/vulnerabilities/82885
https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html
http://osvdb.org/91439
http://seclists.org/oss-sec/2013/q1/674
http://secunia.com/advisories/52659
http://sourceforge.net/p/opalvoip/code/28856
http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available
http://www.securityfocus.com/bid/58520
https://exchange.xforce.ibmcloud.com/vulnerabilities/82885
https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.html