CVE-2015-7686

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2015-7686

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-7686.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-7686

Downstream

DEBIAN-CVE-2015-7686

MGASA-2016-0397

UBUNTU-CVE-2015-7686

Published

2015-10-06T01:59:33Z

Modified

2026-04-16T06:26:18.343736002Z

Summary

[none]

Details

Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments.

References

http://www.openwall.com/lists/oss-security/2015/09/27/1
http://www.openwall.com/lists/oss-security/2015/10/02/13
https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016

CVE-2015-7686

Affected packages