CVE-2018-18898
Published 2019-03-21
Priority P339 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.36% (81.6th percentile)
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bestpractical | request_tracker | 4.1.13 – 4.4.0 | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libemail-address-list-perl | < libemail-address-list-perl 0.06-1 (bookworm) | libemail-address-list-perl 0.06-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
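| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |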
Ubuntu
Email-Address-List vulnerability
vendor_ubuntu·2020-09-17·CVSS 7.5
CVE-2018-18898 [HIGH] Email-Address-List vulnerability
Title: Email-Address-List vulnerability
Summary: Email-Address-List could be made to remotely exhaust resources if it
received specially crafted email data.
It was discovered that Email-Address-List does not properly parse email
addresses during email-ingestion. A remote attacker could use this issue
to cause an algorithmic complexity attack, resulting in a denial of
service. (CVE-2018-18898)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2018-18898: libemail-address-list-perl - The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4...
vendor_debian·2018·CVSS 7.5
CVE-2018-18898 [HIGH] CVE-2018-18898: libemail-address-list-perl - The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4...
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
Scope: local
bookworm: resolved (fixed in 0.06-1)
bullseye: resolved (fixed in 0.06-1)
forky: resolved (fixed in 0.06-1)
sid: resolved (fixed in 0.06-1)
trixie: resolved (fixed in 0.06-1)
GHSA
GHSA-6rmj-6826-5j8h: The email-ingestion feature in Best Practical Request Tracker 4
ghsa_unreviewed·2022-05-13
CVE-2018-18898 [HIGH] CWE-400 GHSA-6rmj-6826-5j8h: The email-ingestion feature in Best Practical Request Tracker 4
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
OSV
libemail-address-list-perl vulnerability
osv·2020-09-17·CVSS 7.5
CVE-2018-18898 [HIGH] libemail-address-list-perl vulnerability
It was discovered that Email-Address-List does not properly parse email
addresses during email-ingestion. A remote attacker could use this issue
to cause an algorithmic complexity attack, resulting in a denial of
service. (CVE-2018-18898)
OSV
CVE-2018-18898: The email-ingestion feature in Best Practical Request Tracker 4
osv·2019-03-21·CVSS 7.5
CVE-2018-18898 [HIGH] CVE-2018-18898: The email-ingestion feature in Best Practical Request Tracker 4
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://bestpractical.com/download-page
https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/
https://usn.ubuntu.com/4517-1/