SB2019061824 - Input validation error in perl-email-address-list (Alpine package)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019061824

SB2019061824 - Input validation error in perl-email-address-list (Alpine package)

Published: June 18, 2019

Security Bulletin ID SB2019061824
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2018-18898)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.


Remediation

Install update from vendor's website.

References