[Bug 1268777] New: CVE-2015-7686 perl-Email-Address: denial of service when parsing crafted email address list
bugzilla at redhat.com
bugzilla at redhat.com
Mon Oct 5 08:36:45 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1268777
Bug ID: 1268777
Summary: CVE-2015-7686 perl-Email-Address: denial of service
when parsing crafted email address list
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team at redhat.com
Reporter: mprpic at redhat.com
CC: perl-devel at lists.fedoraproject.org,
perl-maint-list at redhat.com, rob.myers at gtri.gatech.edu,
tcallawa at redhat.com
A flaw in the parsing of email address lists was found in perl-Email-Address:
Algorithmic complexity vulnerability in Address.pm in the Email-Address module
1.908 and earlier for Perl allows remote attackers to cause a denial of service
(CPU consumption) via a crafted string containing a list of e-mail addresses in
conjunction with parenthesis characters that can be associated with nested
comments. NOTE: the default configuration in 1.908 mitigates this vulnerability
but misparses certain realistic comments.
Further information:
http://seclists.org/oss-sec/2015/q3/644
http://seclists.org/oss-sec/2015/q4/22
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the perl-devel
mailing list