https://bugzilla.redhat.com/show_bug.cgi?id=1268777 Bug ID: 1268777 Summary: CVE-2015-7686 perl-Email-Address: denial of service when parsing crafted email address list Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@xxxxxxxxxx Reporter: mprpic@xxxxxxxxxx CC: perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, perl-maint-list@xxxxxxxxxx, rob.myers@xxxxxxxxxxxxxxx, tcallawa@xxxxxxxxxx A flaw in the parsing of email address lists was found in perl-Email-Address: Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments. Further information: http://seclists.org/oss-sec/2015/q3/644 http://seclists.org/oss-sec/2015/q4/22 -- You are receiving this mail because: You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel
