Lucene search

RedhatCVE-2015-8078

HistoryDec 03, 2015 - 8:59 p.m.

CVE-2015-8078

2015-12-0320:59:10

CWE-189

redhat

web.nvd.nist.gov

cyrus imap

integer overflow

cve-2015-8078

nvd

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

4.3

Confidence

High

EPSS

0.018

Percentile

88.1%

JSON

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

Affected configurations

Nvd

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.2

Node

cyrusimapMatch2.3.0

cyrusimapMatch2.3.1

cyrusimapMatch2.3.2

cyrusimapMatch2.3.3

cyrusimapMatch2.3.4

cyrusimapMatch2.3.5

cyrusimapMatch2.3.6

cyrusimapMatch2.3.7

cyrusimapMatch2.3.8

cyrusimapMatch2.3.9

cyrusimapMatch2.3.10

cyrusimapMatch2.3.11

cyrusimapMatch2.3.12

cyrusimapMatch2.3.13

cyrusimapMatch2.3.14

cyrusimapMatch2.3.15

cyrusimapMatch2.3.16

cyrusimapMatch2.3.17

cyrusimapMatch2.3.18

cyrusimapMatch2.4.0

cyrusimapMatch2.4.1

cyrusimapMatch2.4.2

cyrusimapMatch2.4.3

cyrusimapMatch2.4.4

cyrusimapMatch2.4.5

cyrusimapMatch2.4.6

cyrusimapMatch2.4.7

cyrusimapMatch2.4.8

cyrusimapMatch2.4.9

cyrusimapMatch2.4.10

cyrusimapMatch2.4.11

cyrusimapMatch2.4.12

cyrusimapMatch2.4.13

cyrusimapMatch2.4.14

cyrusimapMatch2.4.15

cyrusimapMatch2.4.16

cyrusimapMatch2.4.17

cyrusimapMatch2.5.0

cyrusimapMatch2.5.1

cyrusimapMatch2.5.2

cyrusimapMatch2.5.3

VendorProductVersionCPE
opensuseleap42.1cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
opensuseopensuse13.2cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cyrusimap2.3.0cpe:2.3:a:cyrus:imap:2.3.0:*:*:*:*:*:*:*
cyrusimap2.3.1cpe:2.3:a:cyrus:imap:2.3.1:*:*:*:*:*:*:*
cyrusimap2.3.2cpe:2.3:a:cyrus:imap:2.3.2:*:*:*:*:*:*:*
cyrusimap2.3.3cpe:2.3:a:cyrus:imap:2.3.3:*:*:*:*:*:*:*
cyrusimap2.3.4cpe:2.3:a:cyrus:imap:2.3.4:*:*:*:*:*:*:*
cyrusimap2.3.5cpe:2.3:a:cyrus:imap:2.3.5:*:*:*:*:*:*:*
cyrusimap2.3.6cpe:2.3:a:cyrus:imap:2.3.6:*:*:*:*:*:*:*
cyrusimap2.3.7cpe:2.3:a:cyrus:imap:2.3.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	leap	42.1	cpe:2.3:o:opensuse:leap:42.1:::::::*
opensuse	opensuse	13.2	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
cyrus	imap	2.3.0	cpe:2.3:a:cyrus:imap:2.3.0:::::::*
cyrus	imap	2.3.1	cpe:2.3:a:cyrus:imap:2.3.1:::::::*
cyrus	imap	2.3.2	cpe:2.3:a:cyrus:imap:2.3.2:::::::*
cyrus	imap	2.3.3	cpe:2.3:a:cyrus:imap:2.3.3:::::::*
cyrus	imap	2.3.4	cpe:2.3:a:cyrus:imap:2.3.4:::::::*
cyrus	imap	2.3.5	cpe:2.3:a:cyrus:imap:2.3.5:::::::*
cyrus	imap	2.3.6	cpe:2.3:a:cyrus:imap:2.3.6:::::::*
cyrus	imap	2.3.7	cpe:2.3:a:cyrus:imap:2.3.7:::::::*