CVE-2018-18898
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
| Software | From | Fixed in |
|---|---|---|
| bestpractical / request_tracker | 4.1.13 | 4.4.0.x |
| fedoraproject / fedora | 28 | 28.x |
| fedoraproject / fedora | 29 | 29.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
- https://bestpractical.com/download-page
- https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/
- https://usn.ubuntu.com/4517-1/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime