Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2013-1864
Deferred
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-23 May, 2014 | 14:55
Updated At-12 Apr, 2025 | 10:46

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
opalvoip
opalvoip
>>portable_tool_library>>2.10.1
cpe:2.3:a:opalvoip:portable_tool_library:2.10.1:*:*:*:*:*:*:*
opalvoip
opalvoip
>>portable_tool_library>>2.10.2
cpe:2.3:a:opalvoip:portable_tool_library:2.10.2:*:*:*:*:*:*:*
opalvoip
opalvoip
>>portable_tool_library>>2.10.7
cpe:2.3:a:opalvoip:portable_tool_library:2.10.7:*:*:*:*:*:*:*
opalvoip
opalvoip
>>portable_tool_library>>2.10.9
cpe:2.3:a:opalvoip:portable_tool_library:2.10.9:*:*:*:*:*:*:*
ekiga
ekiga
>>ekiga>>Versions up to 4.0.0(inclusive)
cpe:2.3:a:ekiga:ekiga:*:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux_enterprise_software_development_kit>>11.0
cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*
SUSE
suse
>>suse_linux_enterprise_desktop>>11.0
cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.htmlsecalert@redhat.com
N/A
http://osvdb.org/91439secalert@redhat.com
N/A
http://seclists.org/oss-sec/2013/q1/674secalert@redhat.com
N/A
http://secunia.com/advisories/52659secalert@redhat.com
N/A
http://sourceforge.net/p/opalvoip/code/28856secalert@redhat.com
Exploit
Patch
http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-availablesecalert@redhat.com
Patch
Vendor Advisory
http://www.securityfocus.com/bid/58520secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/82885secalert@redhat.com
N/A
https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/91439af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/oss-sec/2013/q1/674af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/52659af854a3a-2127-422b-91ae-364da2661108
N/A
http://sourceforge.net/p/opalvoip/code/28856af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-availableaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/58520af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/82885af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/91439
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://seclists.org/oss-sec/2013/q1/674
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/52659
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sourceforge.net/p/opalvoip/code/28856
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/58520
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/82885
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/91439
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/oss-sec/2013/q1/674
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/52659
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sourceforge.net/p/opalvoip/code/28856
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/58520
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/82885
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found