5

CVE-2014-0477

Exploit
The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.58% 0.879
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/oss-sec/2014/q2/563
http://secunia.com/advisories/59212
http://secunia.com/advisories/59333
http://secunia.com/advisories/61981
http://www.debian.org/security/2014/dsa-2969
https://bugzilla.redhat.com/show_bug.cgi?id=1110723
https://github.com/rjbs/Email-Address/blob/master/Changes
https://github.com/rjbs/Email-Address/commit/83f8306117115729ac9346523762c0c396251eb5
Patch
Exploit
https://metacpan.org/release/RJBS/Email-Address-1.905