CVE-2014-4720

Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477.

Published: 2014-07-06 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2014-4720 is rated Moderate Risk (48.2/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.86%). Core evidence: EPSS rose +1.39% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2014-4720

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.47% 1.86% +1.39%
2 2025-03-25 0.73% 0.47% -0.25%
3 2025-03-17 0.73%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2014-4720

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
10.0 2.9 [email protected]

Weakness enumeration for CVE-2014-4720

OS Trackers for CVE-2014-4720

vendor priority summary link
debian not yet assigned CVE-2014-4720 not yet assigned priority: Debian including 1 source packages (libemail-address-perl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2014-4720
ubuntu low CVE-2014-4720 low priority: Ubuntu including 1 source packages (libemail-address-perl), 15 status rows across 15 suites (artful, bionic, cosmic, disco, lucid, precise, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): not-affected 10, ignored 3, DNE 1, released 1. https://ubuntu.com/security/CVE-2014-4720

NVD evaluator notes for CVE-2014-4720

Comment: <a href="http://cwe.mitre.org/data/definitions/185.html" target="_blank">CWE-185: CWE-185: Incorrect Regular Expression</a>

Affected software / configurations for CVE-2014-4720

Vendor Product Version Raw CPE
email::address_module_project email::address <= 1.903 cpe:2.3:a:email\:\:address_module_project:email\:\:address:*:*:*:*:*:perl:*:*
email::address_module_project email::address 1.1 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.1:*:*:*:*:perl:*:*
email::address_module_project email::address 1.2 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.2:*:*:*:*:perl:*:*
email::address_module_project email::address 1.3 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.3:*:*:*:*:perl:*:*
email::address_module_project email::address 1.5 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.5:*:*:*:*:perl:*:*
email::address_module_project email::address 1.6 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.6:*:*:*:*:perl:*:*
email::address_module_project email::address 1.7 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.7:*:*:*:*:perl:*:*
email::address_module_project email::address 1.80 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.80:*:*:*:*:perl:*:*
email::address_module_project email::address 1.85 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.85:*:*:*:*:perl:*:*
email::address_module_project email::address 1.86 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.86:*:*:*:*:perl:*:*
email::address_module_project email::address 1.870 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.870:*:*:*:*:perl:*:*
email::address_module_project email::address 1.871 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.871:*:*:*:*:perl:*:*
email::address_module_project email::address 1.880 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.880:*:*:*:*:perl:*:*
email::address_module_project email::address 1.881 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.881:*:*:*:*:perl:*:*
email::address_module_project email::address 1.882 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.882:*:*:*:*:perl:*:*
email::address_module_project email::address 1.883 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.883:*:*:*:*:perl:*:*
email::address_module_project email::address 1.884 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.884:*:*:*:*:perl:*:*
email::address_module_project email::address 1.885 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.885:*:*:*:*:perl:*:*
email::address_module_project email::address 1.886 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.886:*:*:*:*:perl:*:*
email::address_module_project email::address 1.887 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.887:*:*:*:*:perl:*:*
email::address_module_project email::address 1.888 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.888:*:*:*:*:perl:*:*
email::address_module_project email::address 1.889 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.889:*:*:*:*:perl:*:*
email::address_module_project email::address 1.890 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.890:*:*:*:*:perl:*:*
email::address_module_project email::address 1.891 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.891:*:*:*:*:perl:*:*
email::address_module_project email::address 1.892 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.892:*:*:*:*:perl:*:*
email::address_module_project email::address 1.893 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.893:*:*:*:*:perl:*:*
email::address_module_project email::address 1.894 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.894:*:*:*:*:perl:*:*
email::address_module_project email::address 1.895 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.895:*:*:*:*:perl:*:*
email::address_module_project email::address 1.896 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.896:*:*:*:*:perl:*:*
email::address_module_project email::address 1.897 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.897:*:*:*:*:perl:*:*
email::address_module_project email::address 1.898 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.898:*:*:*:*:perl:*:*
email::address_module_project email::address 1.899 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.899:*:*:*:*:perl:*:*
email::address_module_project email::address 1.900 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.900:*:*:*:*:perl:*:*
email::address_module_project email::address 1.901 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.901:*:*:*:*:perl:*:*
email::address_module_project email::address 1.902 cpe:2.3:a:email\:\:address_module_project:email\:\:address:1.902:*:*:*:*:perl:*:*

References for CVE-2014-4720

cvelogic Threat Intelligence