PT-2014-3647 · Perl · Email::Address

Bastian Blank

Published

2014-07-03

Updated

2024-06-15

CVE-2014-0477

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Email::Address module versions prior to 1.905

Description The issue concerns the parse function in the Email::Address module, which uses an inefficient regular expression. This inefficiency can be exploited by remote attackers to cause a denial of service through excessive CPU consumption. The attack can be initiated by sending an empty quoted string in an RFC 2822 address.

Recommendations For versions prior to 1.905, update to version 1.905 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2014-0477

DLA-0011-1

DSA-2969-1

MGASA-2014-0389

OPENSUSE-SU-2024:10452-1

Affected Products

Email::Address

PT-2014-3647 · Perl · Email::Address

CVE-2014-0477

Related Identifiers

Affected Products

References · 22