CVE-2014-1474

Name of the Vulnerable Software and Affected Versions Email::Address::List versions prior to 0.02 RT versions 4.2.0 through 4.2.2

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by providing a string without an address. This is related to an algorithmic complexity vulnerability.

Recommendations For Email::Address::List versions prior to 0.02, update to version 0.02 or later. For RT versions 4.2.0 through 4.2.2, update to a version outside of this range or apply a patch that fixes the algorithmic complexity vulnerability in Email::Address::List.