CVE-2014-1474
Published: 15 July 2014
Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.
Priority
Status
Package | Release | Status |
---|---|---|
libemail-address-list-perl Launchpad, Ubuntu, Debian |
upstream |
Released
(0.03-1)
|
lucid |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [0.03-1])
|
|
utopic |
Not vulnerable
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1474
- http://lists.bestpractical.com/pipermail/rt-announce/2014-January/000245.html
- https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02
- http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html
- http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html
- NVD
- Launchpad
- Debian