CVE-2015-8076

The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, and 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html
http://www.openwall.com/lists/oss-security/2015/09/29/2
http://www.openwall.com/lists/oss-security/2015/09/30/3
http://www.openwall.com/lists/oss-security/2015/11/04/3
https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b Vendor Advisory
https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html
https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html Vendor Advisory
https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:cyrus:imap:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.13:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.15:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.16:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.17:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.3.18:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.11:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.13:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.14:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.15:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.16:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.4.17:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:cyrus:imap:2.5.3:*:*:*:*:*:*:*

History

21 Nov 2024, 02:37

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html - () http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html -
References () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html - () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html -
References () http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html - () http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html -
References () http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html - () http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html -
References () http://www.openwall.com/lists/oss-security/2015/09/29/2 - () http://www.openwall.com/lists/oss-security/2015/09/29/2 -
References () http://www.openwall.com/lists/oss-security/2015/09/30/3 - () http://www.openwall.com/lists/oss-security/2015/09/30/3 -
References () http://www.openwall.com/lists/oss-security/2015/11/04/3 - () http://www.openwall.com/lists/oss-security/2015/11/04/3 -
References () https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921 - () https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921 -
References () https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b - Vendor Advisory () https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b - Vendor Advisory
References () https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html - () https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html -
References () https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html - Vendor Advisory () https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html - Vendor Advisory
References () https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html - Vendor Advisory () https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html - Vendor Advisory

Information

Published : 2015-12-03 20:59

Updated : 2024-11-21 02:37

Products Affected

opensuse

  • leap
  • opensuse

cyrus

  • imap
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor