| Newsgroups | perl.pep |
|---|---|
| Date | 2018-06-20 13:28 +0200 |
| Subject | CVE-2018-12558: Denial of Service in Email::Address |
| Message-ID | <20180620112818.wtftvmu665mmfmsg@pali> |
| From | pali@cpan.org |

Hi! The following trivial input can be used to DoS the Email::Address module
when it is used by a server application to parse From or To email headers:

    $ perl -MEmail::Address -E 'Email::Address->parse("\f" x 30)'

Yes, it is just 30 form-fields characters.

Because Ricardo, as Email::Address maintainer, did not respond, I
discussed this problem with the Debian Security Team. As a result, MITRE
assigned the CVE-2018-12558 identifier for it.

Now I would say that Email::Address is now unmaintained.

And as far as I know, because of those problems the FreeBSD and Debian distributions
started removal of the Email::Address module.
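
One way a server that still has to call Email::Address on From or To headers can contain the hang, as an added example that is not part of the original message or of the Email::Address distribution: run the parse in a child process and kill it when a time budget is exceeded. The helper name `parse_with_budget` and the 2-second budget are hypothetical choices.

```perl
use strict;
use warnings;
use POSIX ();
use Email::Address;

# Hypothetical helper (not part of Email::Address): parse an untrusted header
# value in a child process and give up after $budget seconds. A child can be
# killed outright no matter what the parser is doing at that moment.
sub parse_with_budget {
    my ($header, $budget) = @_;
    pipe(my $rd, my $wr) or die "pipe: $!";
    my $pid = fork();
    die "fork: $!" unless defined $pid;

    if ($pid == 0) {                      # child: the only place parse() runs
        close $rd;
        print {$wr} "$_\n" for map { $_->address } Email::Address->parse($header);
        close $wr;                        # flushes the buffered output
        POSIX::_exit(0);                  # skip the parent's END blocks
    }

    close $wr;
    my @addresses;
    my $ok = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $budget;
        @addresses = <$rd>;               # blocks until the child exits or the alarm fires
        alarm 0;
        1;
    };
    alarm 0;
    kill 'KILL', $pid unless $ok;         # stuck parse: terminate the child
    waitpid $pid, 0;                      # always reap, no zombies
    return undef unless $ok && $? == 0;   # timeout or child failure
    chomp @addresses;
    return \@addresses;
}

# Constructed sample inputs: one ordinary header, and the input from the report.
for my $header ('Alice <alice@example.org>', "\f" x 30) {
    my $result = parse_with_budget($header, 2);
    print defined $result
        ? "parsed: @$result\n"
        : "rejected: parse did not finish within budget\n";
}
```

A rejected header should be logged and treated as malformed input rather than retried.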