First published: Wed Jun 18 2014(Updated: )
It was discovered [1] that there's a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation [2]. Email::Address::parse uses significant time on parsing empty quoted string, as allowed by RFC 2822. Suggested fix was applied upstream as [3] contained in a new upstream version 1.905 [4] which contain additional commits [5] to avoid slowdowns. [1] <a href="http://seclists.org/oss-sec/2014/q2/563">http://seclists.org/oss-sec/2014/q2/563</a> [2] <a href="https://metacpan.org/release/Email-Address">https://metacpan.org/release/Email-Address</a> [3] <a href="https://github.com/rjbs/Email-Address/commit/83f8306">https://github.com/rjbs/Email-Address/commit/83f8306</a> [4] <a href="https://metacpan.org/release/RJBS/Email-Address-1.905">https://metacpan.org/release/RJBS/Email-Address-1.905</a> [5] <a href="https://github.com/rjbs/Email-Address/blob/432d10e/Changes">https://github.com/rjbs/Email-Address/blob/432d10e/Changes</a>
Credit: security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/perl-Email-Address | <1.905 | 1.905 |
Email\ \ | <=1.904 | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Email\ \ | =address_module_project-email\ | |
Fedoraproject Fedora |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.