Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rt | Bestpractical | 4.2.0 (including) | 4.2.0 (including) |
| Rt | Bestpractical | 4.2.1 (including) | 4.2.1 (including) |
| Rt | Bestpractical | 4.2.2 (including) | 4.2.2 (including) |
| Email::address::list | Email::address::list_project | * | 0.01 (including) |
| Libemail-address-list-perl | Ubuntu | upstream | * |
References
- http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html
- http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html
- https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02
- http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html
- http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html
- https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02