CVE-2015-8076

NONE EPSS 86.9%
Published Dec 3, 201510y ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 3, 2015 10y ago
Last Modified Jun 17, 2026 2w ago

Description

The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.

Threat Intelligence

EPSS Exploit Probability
86.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 43

VendorProductVersionRange
opensuseleap42.1any
opensuseopensuse13.2any
cyrusimap2.3.0any
cyrusimap2.3.1any
cyrusimap2.3.2any
cyrusimap2.3.3any
cyrusimap2.3.4any
cyrusimap2.3.5any
cyrusimap2.3.6any
cyrusimap2.3.7any
cyrusimap2.3.8any
cyrusimap2.3.9any
cyrusimap2.3.10any
cyrusimap2.3.11any
cyrusimap2.3.12any
cyrusimap2.3.13any
cyrusimap2.3.14any
cyrusimap2.3.15any
cyrusimap2.3.16any
cyrusimap2.3.17any
cyrusimap2.3.18any
cyrusimap2.4.0any
cyrusimap2.4.1any
cyrusimap2.4.2any
cyrusimap2.4.3any
cyrusimap2.4.4any
cyrusimap2.4.5any
cyrusimap2.4.6any
cyrusimap2.4.7any
cyrusimap2.4.8any
cyrusimap2.4.9any
cyrusimap2.4.10any
cyrusimap2.4.11any
cyrusimap2.4.12any
cyrusimap2.4.13any
cyrusimap2.4.14any
cyrusimap2.4.15any
cyrusimap2.4.16any
cyrusimap2.4.17any
cyrusimap2.5.0any
cyrusimap2.5.1any
cyrusimap2.5.2any
cyrusimap2.5.3any

References 12

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html
  • openwall.com http://www.openwall.com/lists/oss-security/2015/09/29/2
  • openwall.com http://www.openwall.com/lists/oss-security/2015/09/30/3
  • openwall.com http://www.openwall.com/lists/oss-security/2015/11/04/3
  • cyrus.foundation https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
  • cyrus.foundation https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
    Vendor Advisory
  • docs.cyrus.foundation https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html
  • docs.cyrus.foundation https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html
    Vendor Advisory
  • docs.cyrus.foundation https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.