Lucene search

[email protected]NVD:CVE-2014-0477

HistoryJul 03, 2014 - 5:55 p.m.

CVE-2014-0477

2014-07-0317:55:05

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.3 High

AI Score

Confidence

High

0.039 Low

EPSS

Percentile

92.0%

JSON

The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.

Affected configurations

NVD

Node

email\\Matchaddress_module_projectemail\\address

email\\Matchaddress_module_projectemail\\address1.1

email\\Matchaddress_module_projectemail\\address1.2

email\\Matchaddress_module_projectemail\\address1.3

email\\Matchaddress_module_projectemail\\address1.5

email\\Matchaddress_module_projectemail\\address1.6

email\\Matchaddress_module_projectemail\\address1.7

email\\Matchaddress_module_projectemail\\address1.80

email\\Matchaddress_module_projectemail\\address1.85

email\\Matchaddress_module_projectemail\\address1.86

email\\Matchaddress_module_projectemail\\address1.870

email\\Matchaddress_module_projectemail\\address1.871

email\\Matchaddress_module_projectemail\\address1.880

email\\Matchaddress_module_projectemail\\address1.881

email\\Matchaddress_module_projectemail\\address1.882

email\\Matchaddress_module_projectemail\\address1.883

email\\Matchaddress_module_projectemail\\address1.884

email\\Matchaddress_module_projectemail\\address1.885

email\\Matchaddress_module_projectemail\\address1.886

email\\Matchaddress_module_projectemail\\address1.887

email\\Matchaddress_module_projectemail\\address1.888

email\\Matchaddress_module_projectemail\\address1.889

email\\Matchaddress_module_projectemail\\address1.890

email\\Matchaddress_module_projectemail\\address1.891

email\\Matchaddress_module_projectemail\\address1.892

email\\Matchaddress_module_projectemail\\address1.893

email\\Matchaddress_module_projectemail\\address1.894

email\\Matchaddress_module_projectemail\\address1.895

email\\Matchaddress_module_projectemail\\address1.896

email\\Matchaddress_module_projectemail\\address1.897

email\\Matchaddress_module_projectemail\\address1.898

email\\Matchaddress_module_projectemail\\address1.899

email\\Matchaddress_module_projectemail\\address1.900

email\\Matchaddress_module_projectemail\\address1.901

email\\Matchaddress_module_projectemail\\address1.902

email\\Matchaddress_module_projectemail\\address1.903

fedoraprojectfedora

References

seclists.org/oss-sec/2014/q2/563

secunia.com/advisories/59212

secunia.com/advisories/59333

secunia.com/advisories/61981

www.debian.org/security/2014/dsa-2969

bugzilla.redhat.com/show_bug.cgi?id=1110723

github.com/rjbs/Email-Address/blob/master/Changes

github.com/rjbs/Email-Address/commit/83f8306117115729ac9346523762c0c396251eb5

metacpan.org/release/RJBS/Email-Address-1.905

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.3 High

AI Score

Confidence

High

0.039 Low

EPSS

Percentile

92.0%

JSON

Related for NVD:CVE-2014-0477

openvas6 debian4 nessus6 debiancve2 cve2 ubuntucve2 osv2 cvelist2 prion2 fedora2 securityvulns2 mageia1 nvd1