Description
Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q2/563
Various Sources x_refsource_confirm
https://github.com/rjbs/Email-Address/blob/master/Changes
Scores
EPSS
0.0047
EPSS Percentile
64.8%
Details
Status
published
Products (2)
email\/\
address_module_project email\ (34 CPE variants)
email\/\
< 1.903
Published
Jul 06, 2014
Tracked Since
Feb 18, 2026