CVE-2014-1474
Severity CVSS v4.0:
Pending analysis
Type:
CWE-189
Numeric Errors
Publication date:
15/07/2014
Last modified:
12/04/2025
Description
Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:bestpractical:rt:4.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bestpractical:rt:4.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bestpractical:rt:4.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:email\:\:address\:\:list_project:email\:\:address\:\:list:*:*:*:*:*:*:*:* | 0.01 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html
- http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html
- https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02
- http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html
- http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html
- https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02