CVE-2014-0477

Name of the Vulnerable Software and Affected Versions Email::Address module versions prior to 1.905

Description The issue concerns the parse function in the Email::Address module, which uses an inefficient regular expression. This inefficiency can be exploited by remote attackers to cause a denial of service through excessive CPU consumption. The attack can be initiated by sending an empty quoted string in an RFC 2822 address.

Recommendations For versions prior to 1.905, update to version 1.905 or later to resolve the issue.