PT-2018-11250 · Perl+1 · Email::Address+1

Pali Rohár · Published 2018-06-20 · Updated 2024-06-15 · CVE-2018-12558

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Email::Address module versions through 1.909

Description

The parse() method in the Email::Address module is susceptible to an algorithmic complexity issue when processing specially prepared input, which can lead to a Denial of Service. The problematic input contains 30 form-feed characters (\f).

Recommendations

For Email::Address module versions through 1.909, consider restricting the use of the parse() method until a patch is available. As a temporary workaround, avoid using the parse() method with untrusted input to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2018-12558
MGASA-2019-0046
OPENSUSE-SU-2019:1114-1
OPENSUSE-SU-2019_1114-1
OPENSUSE-SU-2024:12651-1

Affected Products

Email::Address
Suse