Billion Laughs Attack: Denial of Service Vulnerability in PTLib

Billion Laughs Attack: Denial of Service Vulnerability in PTLib

CVE-2013-1864 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."

Learn more about our Web Application Penetration Testing UK.