Hi! Following trivial input can be used to DoS Email::Address module when is used by server application to parse From or To email headers:
$ perl -MEmail::Address -E 'Email::Address->parse("\f" x 30)' Yes, it is just 30 form-fields characters. Because Ricardo as Email::Address maintainer had not response I discussed this problem with Debian Security Team. As a result MITRE assigned CVE-2018-12558 identifier for it. Now I would say that Email::Address is now unmaintained. And as I know because of those problems FreeBSD and Debian distributions started removal of Email::Address module.