Date: Wed, 18 Jun 2014 07:19:15 +0200
From: Salvatore Bonaccorso <>
Subject: CVE-2014-0477: Email::Address: Denial-of-Service in


Bastian Blank reported a denial of service vulnerability in
Email::Address, a Perl module for RFC 2822 address parsing and
creation[1]. Email::Address::parse uses significant time when parsing
empty quoted strings, as allowed by RFC 2822.

CVE-2014-0477 was assigned to reference this issue.

Bastian Blank suggested a fix, which was applied upstream as [2] and is
contained in a new upstream version 1.905[3], which contains additional
commits to avoid slowdowns.


