CVE-2015-7686

Email-Address < 1.908 - Denial of Service via Crafted Email Address List with Nested Comments

Title source: llm
STIX 2.1

Description

Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments.

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/02/13
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/09/27/1

Scores

EPSS 0.0307
EPSS Percentile 86.1%

Details

CWE
CWE-20 CWE-399
Status published
Products (1)
email-address_project/email-address < 1.908
Published Oct 06, 2015
Tracked Since Feb 18, 2026