| Summary: | <dev-perl/Email-Address-1.905.0: Denial-of-Service in Email::Address::parse (CVE-2014-0477) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | perl |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1110723 | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-06-19 09:17:55 UTC
CVE-2014-0477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0477): The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.

@Security, please vote.

GLSA vote: no

GLSA vote: no,