CVE-2014-0477

The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.

Published: Jul 3, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-0477
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
email--address_module_project / email--address	1.898	1.898.x
email--address_module_project / email--address	1.881	1.881.x
email--address_module_project / email--address	1.870	1.870.x
email--address_module_project / email--address	1.889	1.889.x
email--address_module_project / email--address	1.886	1.886.x
email--address_module_project / email--address	1.80	1.80.x
email--address_module_project / email--address	1.890	1.890.x
email--address_module_project / email--address	1.893	1.893.x
email--address_module_project / email--address	1.86	1.86.x
email--address_module_project / email--address	1.903	1.903.x
email--address_module_project / email--address	1.894	1.894.x
email--address_module_project / email--address	1.882	1.882.x
email--address_module_project / email--address	1.902	1.902.x
email--address_module_project / email--address	1.7	1.7.x
email--address_module_project / email--address	1.899	1.899.x
email--address_module_project / email--address	1.884	1.884.x
email--address_module_project / email--address	1.880	1.880.x
email--address_module_project / email--address	1.5	1.5.x
email--address_module_project / email--address	1.2	1.2.x
email--address_module_project / email--address	1.3	1.3.x
email--address_module_project / email--address	1.871	1.871.x
email--address_module_project / email--address	1.892	1.892.x
email--address_module_project / email--address	-	1.904.x
email--address_module_project / email--address	1.883	1.883.x
email--address_module_project / email--address	1.897	1.897.x
email--address_module_project / email--address	1.891	1.891.x
email--address_module_project / email--address	1.900	1.900.x
email--address_module_project / email--address	1.901	1.901.x
email--address_module_project / email--address	1.896	1.896.x
fedoraproject / fedora	-	-
email--address_module_project / email--address	1.887	1.887.x
email--address_module_project / email--address	1.885	1.885.x
email--address_module_project / email--address	1.1	1.1.x
email--address_module_project / email--address	1.895	1.895.x
email--address_module_project / email--address	1.888	1.888.x
email--address_module_project / email--address	1.85	1.85.x
email--address_module_project / email--address	1.6	1.6.x

Vulnerability Database

317,019

CVE-2014-0477

Deep Security Visibility Without the Complexity