Hi! Following trivial input can be used to DoS Email::Address module
when is used by server application to parse From or To email headers:
$ perl -MEmail::Address -E 'Email::Address->parse("\f" x 30)'
Yes, it is just 30 form-fields characters.
Because Ricardo as Email::Address maintainer had not response I
discussed this problem with Debian Security Team. As a result MITRE
assigned CVE-2018-12558 identifier for it.
Now I would say that Email::Address is now unmaintained.
And as I know because of those problems FreeBSD and Debian distributions
started removal of Email::Address module.