CVE-2014-1474

Severity

50%

Complexity

99%

Confidentiality

48%

Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.

Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 10 years ago

2014-07-15 14:55:00

Last updated 10 years ago

2014-07-15 16:37:00

Affected Software

Best Practical Solutions RT 4.2.0

4.2.0

Best Practical Solutions RT 4.2.1

4.2.1

Best Practical Solutions RT 4.2.2

4.2.2

Email::Address::List project Email::Address::List 0.01

address\
address\

References

http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html

Vendor Advisory

[rt-announce] 20140612 RT 4.2.5 released

Patch, Vendor Advisory

https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.