Lucene search

[email protected]CVE-2015-8076

HistoryDec 03, 2015 - 8:59 p.m.

CVE-2015-8076

2015-12-0320:59:07

CWE-119

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-8076

cyrus imap

index_urlfetch function

sensitive information

remote attackers

out-of-bounds heap read

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

4.3 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.1%

JSON

The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.

Affected configurations

NVD

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.2

Node

cyrusimapMatch2.3.0

cyrusimapMatch2.3.1

cyrusimapMatch2.3.2

cyrusimapMatch2.3.3

cyrusimapMatch2.3.4

cyrusimapMatch2.3.5

cyrusimapMatch2.3.6

cyrusimapMatch2.3.7

cyrusimapMatch2.3.8

cyrusimapMatch2.3.9

cyrusimapMatch2.3.10

cyrusimapMatch2.3.11

cyrusimapMatch2.3.12

cyrusimapMatch2.3.13

cyrusimapMatch2.3.14

cyrusimapMatch2.3.15

cyrusimapMatch2.3.16

cyrusimapMatch2.3.17

cyrusimapMatch2.3.18

cyrusimapMatch2.4.0

cyrusimapMatch2.4.1

cyrusimapMatch2.4.2

cyrusimapMatch2.4.3

cyrusimapMatch2.4.4

cyrusimapMatch2.4.5

cyrusimapMatch2.4.6

cyrusimapMatch2.4.7

cyrusimapMatch2.4.8

cyrusimapMatch2.4.9

cyrusimapMatch2.4.10

cyrusimapMatch2.4.11

cyrusimapMatch2.4.12

cyrusimapMatch2.4.13

cyrusimapMatch2.4.14

cyrusimapMatch2.4.15

cyrusimapMatch2.4.16

cyrusimapMatch2.4.17

cyrusimapMatch2.5.0

cyrusimapMatch2.5.1

cyrusimapMatch2.5.2

cyrusimapMatch2.5.3

CPENameOperatorVersion
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.2

References

lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html

lists.opensuse.org/opensuse-updates/2015-09/msg00037.html

lists.opensuse.org/opensuse-updates/2015-09/msg00038.html

www.openwall.com/lists/oss-security/2015/09/29/2

www.openwall.com/lists/oss-security/2015/09/30/3

www.openwall.com/lists/oss-security/2015/11/04/3

cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921

cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b

docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html

docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html

docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

4.3 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for CVE-2015-8076

seebug1 nessus8 fedora3 nvd3 openvas4 prion3 cvelist3 ubuntucve3 cve2 suse2