Vulnerability Details : CVE-2014-4720
Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477.
Vulnerability category: Denial of service
Products affected by CVE-2014-4720
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:*:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.896:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.895:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.894:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.893:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.871:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.870:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.86:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.85:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.899:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.897:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.892:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.890:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.883:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.881:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.7:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.5:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.901:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.888:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.887:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.886:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.885:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.3:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.2:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.1:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.898:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.891:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.889:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.884:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.882:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.880:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.80:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.6:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.902:*:*:*:*:perl:*:*
- cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.900:*:*:*:*:perl:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4720
- 0.33%: probability of exploitation activity in the next 30 days
- ~71%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2014-4720
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
References for CVE-2014-4720
- https://github.com/rjbs/Email-Address/blob/master/Changes (Email-Address/Changes at master · Perl-Email-Project/Email-Address · GitHub)
- http://seclists.org/oss-sec/2014/q2/563 (oss-sec: CVE-2014-0477: Email::Address: Denial-of-Service in Email::Address::parse)