CVE-2015-8076
Summary
| CVE | CVE-2015-8076 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-12-03 20:59:07 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, and 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: CWE-119 | CWE-200 | n/a
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cyrus | Imap | 2.3.0 | All | All | All |
| Application | Cyrus | Imap | 2.3.1 | All | All | All |
| Application | Cyrus | Imap | 2.3.10 | All | All | All |
| Application | Cyrus | Imap | 2.3.11 | All | All | All |
| Application | Cyrus | Imap | 2.3.12 | All | All | All |
| Application | Cyrus | Imap | 2.3.13 | All | All | All |
| Application | Cyrus | Imap | 2.3.14 | All | All | All |
| Application | Cyrus | Imap | 2.3.15 | All | All | All |
| Application | Cyrus | Imap | 2.3.16 | All | All | All |
| Application | Cyrus | Imap | 2.3.17 | All | All | All |
| Application | Cyrus | Imap | 2.3.18 | All | All | All |
| Application | Cyrus | Imap | 2.3.2 | All | All | All |
| Application | Cyrus | Imap | 2.3.3 | All | All | All |
| Application | Cyrus | Imap | 2.3.4 | All | All | All |
| Application | Cyrus | Imap | 2.3.5 | All | All | All |
| Application | Cyrus | Imap | 2.3.6 | All | All | All |
| Application | Cyrus | Imap | 2.3.7 | All | All | All |
| Application | Cyrus | Imap | 2.3.8 | All | All | All |
| Application | Cyrus | Imap | 2.3.9 | All | All | All |
| Application | Cyrus | Imap | 2.4.0 | All | All | All |
| Application | Cyrus | Imap | 2.4.1 | All | All | All |
| Application | Cyrus | Imap | 2.4.10 | All | All | All |
| Application | Cyrus | Imap | 2.4.11 | All | All | All |
| Application | Cyrus | Imap | 2.4.12 | All | All | All |
| Application | Cyrus | Imap | 2.4.13 | All | All | All |
| Application | Cyrus | Imap | 2.4.14 | All | All | All |
| Application | Cyrus | Imap | 2.4.15 | All | All | All |
| Application | Cyrus | Imap | 2.4.16 | All | All | All |
| Application | Cyrus | Imap | 2.4.17 | All | All | All |
| Application | Cyrus | Imap | 2.4.2 | All | All | All |
| Application | Cyrus | Imap | 2.4.3 | All | All | All |
| Application | Cyrus | Imap | 2.4.4 | All | All | All |
| Application | Cyrus | Imap | 2.4.5 | All | All | All |
| Application | Cyrus | Imap | 2.4.6 | All | All | All |
| Application | Cyrus | Imap | 2.4.7 | All | All | All |
| Application | Cyrus | Imap | 2.4.8 | All | All | All |
| Application | Cyrus | Imap | 2.4.9 | All | All | All |
| Application | Cyrus | Imap | 2.5.0 | All | All | All |
| Application | Cyrus | Imap | 2.5.1 | All | All | All |
| Application | Cyrus | Imap | 2.5.2 | All | All | All |
| Application | Cyrus | Imap | 2.5.3 | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cyrus IMAP 2.4.18 Release Notes — Cyrus IMAP and SASL documentation | af854a3a-2127-422b-91ae-364da2661108 | docs.cyrus.foundation | Vendor Advisory |
| [security-announce] SUSE-SU-2016:1457-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Cyrus IMAP 2.5.4 Release Notes — Cyrus IMAP and SASL documentation | af854a3a-2127-422b-91ae-364da2661108 | docs.cyrus.foundation | Vendor Advisory |
| oss-security - Re: CVE request: urlfetch range handling flaw in Cyrus IMAP | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| [security-announce] SUSE-SU-2016:1459-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| cyrus.foundation/cyrus-imapd/commit | af854a3a-2127-422b-91ae-364da2661108 | cyrus.foundation | |
| openSUSE-SU-2015:1623-1: moderate: Security update for cyrus-imapd | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| cyrus.foundation/cyrus-imapd/commit | af854a3a-2127-422b-91ae-364da2661108 | cyrus.foundation | Vendor Advisory |
| oss-security - CVE request: urlfetch range handling flaw in Cyrus IMAP | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| openSUSE-SU-2015:1622-1: moderate: Security update for cyrus-imapd | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Cyrus IMAP 2.3.19 Release Notes — Cyrus IMAP and SASL documentation | af854a3a-2127-422b-91ae-364da2661108 | docs.cyrus.foundation | |
| oss-security - Re: CVE request: urlfetch range handling flaw in Cyrus IMAP | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.