Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| email-address_project | email-address | * |