Vulnerability in Bestpractical Rt

CVE-2014-1474

Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.

EPSS: 0.005 (67.8th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Rt — versions 4.2.0, 4.2.1, 4.2.2
Email\ \ — versions address\
N/a — versions n/a

Weakness classification (CWE)

CWE-189

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch)
[rt-announce] 20140612 RT 4.2.5 released (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)