CVE-2014-0477

Published: Jul 3, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://metacpan.org/release/RJBS/Email-Address-1.905

x_refsource_CONFIRM

59333

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20140618 CVE-2014-0477: Email::Address: Denial-of-Service in Email::Address::parse

mailing-list

x_refsource_MLIST

61981

third-party-advisory

x_refsource_SECUNIA

https://github.com/rjbs/Email-Address/commit/83f8306117115729ac9346523762c0c396251eb5

x_refsource_CONFIRM

59212

third-party-advisory

x_refsource_SECUNIA

https://github.com/rjbs/Email-Address/blob/master/Changes

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1110723

x_refsource_MISC

DSA-2969

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-0477

Description

Affected Products

References