FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p5-Email-Address-List -- DDoS related vulnerability

Affected packages
p5-Email-Address-List < 0.06

Details

VuXML ID 22b90fe6-258e-11e9-9c8d-6805ca0b3d42
Discovery 2019-01-02
Entry 2019-01-31

Best PRactical Solutions reports:

 0.06 2019-01-02

 - Changes to address CVE-2018-18898 which could allow DDoS-type attacks.
   Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for
   contributing fixes.
   - Fix pathological backtracking for unkown regex
   - Fix pathological backtracking in obs-phrase(i.e. obs-display-name)
   - Fix pathological backtracking in cfws, quoted strings
	  

References

CVE Name CVE-2018-18898
URL https://metacpan.org/source/BPS/Email-Address-List-0.06/Changes