Lucene search

K
mageiaGentoo FoundationMGASA-2014-0389
HistorySep 26, 2014 - 7:55 p.m.

Updated perl-Email-Address packages fix security vulnerabilities

2014-09-2619:55:04
Gentoo Foundation
advisories.mageia.org
25

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.039

Percentile

92.1%

Updated perl-Email-Address package fixes security vulnerability: The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address (CVE-2014-0477). The Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to “backtracking into the phrase” (CVE-2014-4720).

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.039

Percentile

92.1%