CVE-2015-7686
Email-Address < 1.908 - Denial of Service via Crafted Email Address List with Nested Comments
Title source: llmDescription
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments.
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/02/13
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/09/27/1
Scores
EPSS
0.0307
EPSS Percentile
86.1%
Details
CWE
CWE-20
CWE-399
Status
published
Products (1)
email-address_project/email-address
< 1.908
Published
Oct 06, 2015
Tracked Since
Feb 18, 2026