Vulnerability Details : CVE-2018-12558
The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to algorithmic complexity on specially prepared input, leading to denial of service. The specially prepared input that caused this problem contained 30 form-field characters ("\f").
Vulnerability category: Denial of service
Products affected by CVE-2018-12558
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:*:*:*:*:*:perl:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-12558
- EPSS score: 0.27% (probability of exploitation activity in the next 30 days)
- Percentile: ~48% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-12558
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-12558
- An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-12558
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00012.html
  [security-announce] openSUSE-SU-2019:1114-1: important: Security update
- http://www.openwall.com/lists/oss-security/2018/06/19/3
  oss-security - CVE-2018-12558: DOS in perl module Email::Address (Mailing List; Third Party Advisory)
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873
  #901873 - CVE-2018-12558: DOS vulnerability in perl module Email::Address - Debian Bug report logs (Third Party Advisory)