CVE-2015-8076
N/A
N/A
Summary
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html
- https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html
- https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html
- http://www.openwall.com/lists/oss-security/2015/11/04/3
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html
- https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
- http://www.openwall.com/lists/oss-security/2015/09/30/3
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
- http://www.openwall.com/lists/oss-security/2015/09/29/2
- https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
References
- https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html
- https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html
- https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html
- http://www.openwall.com/lists/oss-security/2015/11/04/3
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html
- https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
- http://www.openwall.com/lists/oss-security/2015/09/30/3
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
- http://www.openwall.com/lists/oss-security/2015/09/29/2
- https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.