CVE Vulnerabilities

CVE-2015-8078

Published: Dec 03, 2015 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
5.8 MODERATE
AV:N/AC:M/Au:N/C:N/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

Affected Software

Name Vendor Start Version End Version
Leap Opensuse 42.1 (including) 42.1 (including)
Opensuse Opensuse 13.2 (including) 13.2 (including)
Cyrus-imapd Ubuntu upstream *
Cyrus-imapd Ubuntu vivid *
Cyrus-imapd-2.4 Ubuntu esm-apps/xenial *
Cyrus-imapd-2.4 Ubuntu precise *
Cyrus-imapd-2.4 Ubuntu trusty *
Cyrus-imapd-2.4 Ubuntu upstream *
Cyrus-imapd-2.4 Ubuntu vivid *
Cyrus-imapd-2.4 Ubuntu wily *
Cyrus-imapd-2.4 Ubuntu xenial *

References