MEDIUM · 4.3

CVE-2013-1864

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of serv...

Vulnerability Description

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."
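The guard described above, shown as an added illustration that is not PTLib's or Ekiga's code (and in Python rather than PTLib's C++): a toy entity expander that rejects recursive entity references and also enforces an output budget, because a "billion laughs" document is not actually recursive, only exponentially nested, so recursion detection alone is not enough. The entity names, fan-out and limits are constructed for the demonstration.

```python
import re

# Constructed, deliberately minimal: general entity references only (&name;).
ENTITY_REF = re.compile(r"&(\w+);")


class EntityExpansionError(ValueError):
    """Expansion was recursive, nested too deeply or grew too large."""


def expand_entities(text, entities, max_depth=16, max_output=100_000):
    """Expand &name; references in `text` using `entities` ({name: value}).

    Two guards the affected PTLib versions lacked: recursion detection
    (an entity already on the expansion path is rejected) and an output
    budget (caps total expanded size, which also stops the non-recursive
    but exponential "billion laughs" shape the description mentions).
    """
    emitted = 0  # output characters produced so far, each counted once

    def emit(out, chunk):
        nonlocal emitted
        emitted += len(chunk)
        if emitted > max_output:
            raise EntityExpansionError("expansion exceeds %d chars" % max_output)
        out.append(chunk)

    def expand(s, path, depth):
        if depth > max_depth:
            raise EntityExpansionError("entity nesting deeper than %d" % max_depth)
        out, pos = [], 0
        for m in ENTITY_REF.finditer(s):
            emit(out, s[pos:m.start()])
            pos, name = m.end(), m.group(1)
            if name in path:
                raise EntityExpansionError("recursive entity &%s;" % name)
            if name not in entities:
                raise EntityExpansionError("undefined entity &%s;" % name)
            # Expanded text was already charged to the budget by inner emit() calls.
            out.append(expand(entities[name], path | {name}, depth + 1))
        emit(out, s[pos:])
        return "".join(out)

    return expand(text, frozenset(), 0)


def nested_entities(levels, fanout):
    """Constructed sample DTD shape: lol0="lol", lolN = fanout copies of &lol(N-1);."""
    ents = {"lol0": "lol"}
    for i in range(1, levels + 1):
        ents["lol%d" % i] = ("&lol%d;" % (i - 1)) * fanout
    return ents
```

With three levels of fan-out 10, `expand_entities("&lol3;", nested_entities(3, 10))` yields 3000 characters and succeeds, while the same input with `max_output=1000` is rejected before the expansion completes.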

CVSS Score

Base score: 4.3 (MEDIUM)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Affected Products

Vendor   | Product                                        | Versions
Opalvoip | Portable Tool Library                          | 2.10.1
Ekiga    | Ekiga                                          | <= 4.0.0
Suse     | Suse Linux Enterprise Software Development Kit | 11.0
Suse     | Suse Linux Enterprise Desktop                  | 11.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2013-1864?

CVE-2013-1864 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of serv...

How severe is CVE-2013-1864?

CVE-2013-1864 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1864?

Check the references section above for vendor advisories and patch information. Affected products include: Opalvoip Portable Tool Library, Ekiga, Suse Linux Enterprise Software Development Kit, and Suse Linux Enterprise Desktop.