CVE-2014-1474

CVE-2014-1474

EPSS 2.4%

Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02