CVE-2015-8076
Summary
| CVE | CVE-2015-8076 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-12-03 20:59:00 UTC |
| Updated | 2018-10-30 16:27:00 UTC |
| Description | The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read. |
Risk And Classification
Problem Types: CWE-119 | CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cyrus | Imap | 2.3.0 | All | All | All |
| Application | Cyrus | Imap | 2.3.1 | All | All | All |
| Application | Cyrus | Imap | 2.3.10 | All | All | All |
| Application | Cyrus | Imap | 2.3.11 | All | All | All |
| Application | Cyrus | Imap | 2.3.12 | All | All | All |
| Application | Cyrus | Imap | 2.3.13 | All | All | All |
| Application | Cyrus | Imap | 2.3.14 | All | All | All |
| Application | Cyrus | Imap | 2.3.15 | All | All | All |
| Application | Cyrus | Imap | 2.3.16 | All | All | All |
| Application | Cyrus | Imap | 2.3.17 | All | All | All |
| Application | Cyrus | Imap | 2.3.18 | All | All | All |
| Application | Cyrus | Imap | 2.3.2 | All | All | All |
| Application | Cyrus | Imap | 2.3.3 | All | All | All |
| Application | Cyrus | Imap | 2.3.4 | All | All | All |
| Application | Cyrus | Imap | 2.3.5 | All | All | All |
| Application | Cyrus | Imap | 2.3.6 | All | All | All |
| Application | Cyrus | Imap | 2.3.7 | All | All | All |
| Application | Cyrus | Imap | 2.3.8 | All | All | All |
| Application | Cyrus | Imap | 2.3.9 | All | All | All |
| Application | Cyrus | Imap | 2.4.0 | All | All | All |
| Application | Cyrus | Imap | 2.4.1 | All | All | All |
| Application | Cyrus | Imap | 2.4.10 | All | All | All |
| Application | Cyrus | Imap | 2.4.11 | All | All | All |
| Application | Cyrus | Imap | 2.4.12 | All | All | All |
| Application | Cyrus | Imap | 2.4.13 | All | All | All |
| Application | Cyrus | Imap | 2.4.14 | All | All | All |
| Application | Cyrus | Imap | 2.4.15 | All | All | All |
| Application | Cyrus | Imap | 2.4.16 | All | All | All |
| Application | Cyrus | Imap | 2.4.17 | All | All | All |
| Application | Cyrus | Imap | 2.4.2 | All | All | All |
| Application | Cyrus | Imap | 2.4.3 | All | All | All |
| Application | Cyrus | Imap | 2.4.4 | All | All | All |
| Application | Cyrus | Imap | 2.4.5 | All | All | All |
| Application | Cyrus | Imap | 2.4.6 | All | All | All |
| Application | Cyrus | Imap | 2.4.7 | All | All | All |
| Application | Cyrus | Imap | 2.4.8 | All | All | All |
| Application | Cyrus | Imap | 2.4.9 | All | All | All |
| Application | Cyrus | Imap | 2.5.0 | All | All | All |
| Application | Cyrus | Imap | 2.5.1 | All | All | All |
| Application | Cyrus | Imap | 2.5.2 | All | All | All |
| Application | Cyrus | Imap | 2.5.3 | All | All | All |
| Application | Cyrus | Imap | 2.3.0 | All | All | All |
| Application | Cyrus | Imap | 2.3.1 | All | All | All |
| Application | Cyrus | Imap | 2.3.10 | All | All | All |
| Application | Cyrus | Imap | 2.3.11 | All | All | All |
| Application | Cyrus | Imap | 2.3.12 | All | All | All |
| Application | Cyrus | Imap | 2.3.13 | All | All | All |
| Application | Cyrus | Imap | 2.3.14 | All | All | All |
| Application | Cyrus | Imap | 2.3.15 | All | All | All |
| Application | Cyrus | Imap | 2.3.16 | All | All | All |
| Application | Cyrus | Imap | 2.3.17 | All | All | All |
| Application | Cyrus | Imap | 2.3.18 | All | All | All |
| Application | Cyrus | Imap | 2.3.2 | All | All | All |
| Application | Cyrus | Imap | 2.3.3 | All | All | All |
| Application | Cyrus | Imap | 2.3.4 | All | All | All |
| Application | Cyrus | Imap | 2.3.5 | All | All | All |
| Application | Cyrus | Imap | 2.3.6 | All | All | All |
| Application | Cyrus | Imap | 2.3.7 | All | All | All |
| Application | Cyrus | Imap | 2.3.8 | All | All | All |
| Application | Cyrus | Imap | 2.3.9 | All | All | All |
| Application | Cyrus | Imap | 2.4.0 | All | All | All |
| Application | Cyrus | Imap | 2.4.1 | All | All | All |
| Application | Cyrus | Imap | 2.4.10 | All | All | All |
| Application | Cyrus | Imap | 2.4.11 | All | All | All |
| Application | Cyrus | Imap | 2.4.12 | All | All | All |
| Application | Cyrus | Imap | 2.4.13 | All | All | All |
| Application | Cyrus | Imap | 2.4.14 | All | All | All |
| Application | Cyrus | Imap | 2.4.15 | All | All | All |
| Application | Cyrus | Imap | 2.4.16 | All | All | All |
| Application | Cyrus | Imap | 2.4.17 | All | All | All |
| Application | Cyrus | Imap | 2.4.2 | All | All | All |
| Application | Cyrus | Imap | 2.4.3 | All | All | All |
| Application | Cyrus | Imap | 2.4.4 | All | All | All |
| Application | Cyrus | Imap | 2.4.5 | All | All | All |
| Application | Cyrus | Imap | 2.4.6 | All | All | All |
| Application | Cyrus | Imap | 2.4.7 | All | All | All |
| Application | Cyrus | Imap | 2.4.8 | All | All | All |
| Application | Cyrus | Imap | 2.4.9 | All | All | All |
| Application | Cyrus | Imap | 2.5.0 | All | All | All |
| Application | Cyrus | Imap | 2.5.1 | All | All | All |
| Application | Cyrus | Imap | 2.5.2 | All | All | All |
| Application | Cyrus | Imap | 2.5.3 | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| openSUSE-SU-2015:1623-1: moderate: Security update for cyrus-imapd | SUSE | lists.opensuse.org | |
| oss-security - Re: CVE request: urlfetch range handling flaw in Cyrus IMAP | MLIST | www.openwall.com | |
| Cyrus IMAP 2.5.4 Release Notes — Cyrus IMAP and SASL documentation | CONFIRM | docs.cyrus.foundation | Vendor Advisory |
| [security-announce] SUSE-SU-2016:1457-1: important: Security update for | SUSE | lists.opensuse.org | |
| cyrus.foundation/cyrus-imapd/commit | CONFIRM | cyrus.foundation | |
| [security-announce] SUSE-SU-2016:1459-1: important: Security update for | SUSE | lists.opensuse.org | |
| Cyrus IMAP 2.4.18 Release Notes — Cyrus IMAP and SASL documentation | CONFIRM | docs.cyrus.foundation | Vendor Advisory |
| oss-security - Re: CVE request: urlfetch range handling flaw in Cyrus IMAP | MLIST | www.openwall.com | |
| openSUSE-SU-2015:1622-1: moderate: Security update for cyrus-imapd | SUSE | lists.opensuse.org | |
| cyrus.foundation/cyrus-imapd/commit | CONFIRM | cyrus.foundation | Vendor Advisory |
| Cyrus IMAP 2.3.19 Release Notes — Cyrus IMAP and SASL documentation | CONFIRM | docs.cyrus.foundation | |
| oss-security - CVE request: urlfetch range handling flaw in Cyrus IMAP | MLIST | www.openwall.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.