CVE-2018-12558

EPSS 0.53%
Veröffentlicht 20.06.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 03:45:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f").

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Email::address Module Project ≫ Email::address SwPlatformperl Version <= 1.909

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.662

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-407 Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00012.html

http://www.openwall.com/lists/oss-security/2018/06/19/3

Third Party Advisory

Mailing List

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-12558

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-12558

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-12558

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-12558