CVE-2015-8077

Published: Dec 3, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

Affected (43)

Products: Cyrus: Imap · Opensuse: Leap, Opensuse

1 product

2 products

Configuration A

41 vulnerable

Vulnerable Software	Affected Versions
Cyrus Imap	Version 2.3.0
Cyrus Imap	Version 2.3.10
Cyrus Imap	Version 2.3.11
Cyrus Imap	Version 2.3.12
Cyrus Imap	Version 2.3.13
Cyrus Imap	Version 2.3.14
Cyrus Imap	Version 2.3.15
Cyrus Imap	Version 2.3.16
Cyrus Imap	Version 2.3.17
Cyrus Imap	Version 2.3.18
Cyrus Imap	Version 2.3.1
Cyrus Imap	Version 2.3.2
Cyrus Imap	Version 2.3.3
Cyrus Imap	Version 2.3.4
Cyrus Imap	Version 2.3.5
Cyrus Imap	Version 2.3.6
Cyrus Imap	Version 2.3.7
Cyrus Imap	Version 2.3.8
Cyrus Imap	Version 2.3.9
Cyrus Imap	Version 2.4.0
Cyrus Imap	Version 2.4.10
Cyrus Imap	Version 2.4.11
Cyrus Imap	Version 2.4.12
Cyrus Imap	Version 2.4.13
Cyrus Imap	Version 2.4.14
Cyrus Imap	Version 2.4.15
Cyrus Imap	Version 2.4.16
Cyrus Imap	Version 2.4.17
Cyrus Imap	Version 2.4.1
Cyrus Imap	Version 2.4.2
Cyrus Imap	Version 2.4.3
Cyrus Imap	Version 2.4.4
Cyrus Imap	Version 2.4.5
Cyrus Imap	Version 2.4.6
Cyrus Imap	Version 2.4.7
Cyrus Imap	Version 2.4.8
Cyrus Imap	Version 2.4.9
Cyrus Imap	Version 2.5.0
Cyrus Imap	Version 2.5.1
Cyrus Imap	Version 2.5.2
Cyrus Imap	Version 2.5.3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Opensuse	Version 13.2

Related CWEs

References (20)

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2015-12/msg00015.html

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2015/09/30/3

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2015/11/04/3

Source: secalert@redhat.com

http://www.securitytracker.com/id/1034282

Source: secalert@redhat.com

https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08

Source: secalert@redhat.com

https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html

Source: secalert@redhat.com

Vendor Advisory

https://lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-12/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2015/09/30/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2015/11/04/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1034282

Source: af854a3a-2127-422b-91ae-364da2661108

https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.