Unrated severityNVD Advisory· Published Jul 15, 2014· Updated May 6, 2026

CVE-2014-1474

Description

Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.

Affected products

Bestpractical/Rt3 versions
cpe:2.3:a:bestpractical:rt:4.2.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:bestpractical:rt:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:rt:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:rt:4.2.2:*:*:*:*:*:*:*
Email\/\
cpe:2.3:a:email\:\:address\:\:list_project:email\:\:address\:\:list:*:*:*:*:*:*:*:*
Range: <=0.01

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.htmlnvdPatchVendor Advisory
metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02nvdPatch
blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.htmlnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000