CVE-2014-1474
published 2014-07-15CVE-2014-1474: Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of…
PriorityP420medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
2.43%
82.2th percentile
Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| debian | libemail-address-list-perl | < libemail-address-list-perl 0.03-1 (bookworm) | libemail-address-list-perl 0.03-1 (bookworm) |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2014-1474: libemail-address-list-perl - Algorithmic complexity vulnerability in Email::Address::List before 0.02, as use...
vendor_debian·2014·CVSS 5.0
CVE-2014-1474 [MEDIUM] CVE-2014-1474: libemail-address-list-perl - Algorithmic complexity vulnerability in Email::Address::List before 0.02, as use...
Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.
Scope: local
bookworm: resolved (fixed in 0.03-1)
bullseye: resolved (fixed in 0.03-1)
forky: resolved (fixed in 0.03-1)
sid: resolved (fixed in 0.03-1)
trixie: resolved (fixed in 0.03-1)
GHSA
GHSA-wgvf-wh5w-rhm5: Algorithmic complexity vulnerability in Email::Address::List before 0
ghsa_unreviewed·2022-05-17
CVE-2014-1474 [MEDIUM] GHSA-wgvf-wh5w-rhm5: Algorithmic complexity vulnerability in Email::Address::List before 0
Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.
OSV
CVE-2014-1474: Algorithmic complexity vulnerability in Email::Address::List before 0
osv·2014-07-15·CVSS 5.0
CVE-2014-1474 [MEDIUM] CVE-2014-1474: Algorithmic complexity vulnerability in Email::Address::List before 0
Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.htmlhttps://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.htmlhttps://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02
2014-07-15
Published