|Description||The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f").|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
|libemail-address-perl (PTS)||buster, bullseye||1.912-1||fixed|
|sid, trixie, bookworm||1.913-1||fixed|
The information below is based on the following data on fixed versions.
Possibility of DoS vs. usability issue for Email::Address