CVE 2018-18898
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
See the 
CVE page on Mitre.org
for more details.
