PT-2015-7580 · Unknown · Email::Address

Pali Rohár · Published 2015-10-03 · Updated 2017-07-04 · CVE-2015-7686

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Email-Address module versions 1.908 and earlier

Description

The issue allows remote attackers to cause a denial of service through high CPU consumption. This can be achieved by sending a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments.

Recommendations

For Email-Address module versions 1.908 and earlier, consider updating to a version later than 1.908 to resolve the issue. As a temporary workaround, consider restricting the use of nested comments in conjunction with parenthesis characters to minimize the risk of exploitation.
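
One way to apply the temporary workaround before calling the parser, as an added example that is not code from the advisory or from the Email::Address project. The limits `$MAX_LENGTH` and `$MAX_DEPTH` and the wrapper name `parse_addresses_guarded` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed limits for this example; tune them to the application.
my $MAX_LENGTH = 4096;  # longest address-list string accepted
my $MAX_DEPTH  = 1;     # allows "(comment)", rejects "((nested))"

# Deepest parenthesis nesting in $input. Deliberately conservative:
# every "(" counts, even inside quotes or after a backslash, so the
# check never depends on parsing the input the same way the module does.
sub max_paren_depth {
    my ($input) = @_;
    my ($depth, $max) = (0, 0);
    for my $c (split //, $input) {
        if ($c eq '(') {
            $depth++;
            $max = $depth if $depth > $max;
        }
        elsif ($c eq ')' && $depth > 0) {
            $depth--;
        }
    }
    return $max;
}

# Hypothetical wrapper: returns parsed addresses, or an empty list when
# the input is rejected or Email::Address is not installed.
sub parse_addresses_guarded {
    my ($input) = @_;
    return () unless defined $input && length($input) <= $MAX_LENGTH;
    return () if max_paren_depth($input) > $MAX_DEPTH;
    return () unless eval { require Email::Address; 1 };
    return Email::Address->parse($input);
}

# Constructed sample input, benign by design.
for my $line ('Alice (work) <alice@example.com>, bob@example.com',
              'carol@example.com ((nested) comment)') {
    my $verdict = max_paren_depth($line) > $MAX_DEPTH ? 'reject' : 'accept';
    printf "%-6s depth=%d  %s\n", $verdict, max_paren_depth($line), $line;
}
```

The filter only narrows what reaches the parser; updating to a version later than 1.908 remains the resolution the advisory recommends.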

Fix · DoS · RCE

Weakness Enumeration

Related Identifiers

CVE-2015-7686
DSA-3882-1
MGASA-2016-0397

Affected Products

Email::Address