[Bug 1593318] New: CVE-2018-12558 perl-Email-Address: Specially crafted input could cause Denial of Service due to complex parse () method

Wed, 20 Jun 2018 07:36:17 -0700 

https://bugzilla.redhat.com/show_bug.cgi?id=1593318

            Bug ID: 1593318
           Summary: CVE-2018-12558 perl-Email-Address: Specially crafted
                    input could cause Denial of Service due to complex
                    parse() method
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected],
                    [email protected],
                    [email protected], [email protected],
                    [email protected]




The parse() method in the Email::Address module through 1.909 for Perl can
consume a large amount of resources on specially prepared input, leading to
Denial of Service. Prepared special input that caused this problem contained 30
form-field characters ("\f").

References:

http://seclists.org/oss-sec/2018/q2/211
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
perl-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]/message/5J5HWMQWAJWBPZHWNOI5PYWKLSUNAEDR/

Reply via email to