CVE-2015-8077

NONE EPSS 86.9%
Published Dec 3, 201510y ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 3, 2015 10y ago
Last Modified Jun 17, 2026 2w ago

Description

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

Threat Intelligence

EPSS Exploit Probability
86.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-189

Affected Products 43

VendorProductVersionRange
cyrusimap2.3.0any
cyrusimap2.3.1any
cyrusimap2.3.2any
cyrusimap2.3.3any
cyrusimap2.3.4any
cyrusimap2.3.5any
cyrusimap2.3.6any
cyrusimap2.3.7any
cyrusimap2.3.8any
cyrusimap2.3.9any
cyrusimap2.3.10any
cyrusimap2.3.11any
cyrusimap2.3.12any
cyrusimap2.3.13any
cyrusimap2.3.14any
cyrusimap2.3.15any
cyrusimap2.3.16any
cyrusimap2.3.17any
cyrusimap2.3.18any
cyrusimap2.4.0any
cyrusimap2.4.1any
cyrusimap2.4.2any
cyrusimap2.4.3any
cyrusimap2.4.4any
cyrusimap2.4.5any
cyrusimap2.4.6any
cyrusimap2.4.7any
cyrusimap2.4.8any
cyrusimap2.4.9any
cyrusimap2.4.10any
cyrusimap2.4.11any
cyrusimap2.4.12any
cyrusimap2.4.13any
cyrusimap2.4.14any
cyrusimap2.4.15any
cyrusimap2.4.16any
cyrusimap2.4.17any
cyrusimap2.5.0any
cyrusimap2.5.1any
cyrusimap2.5.2any
cyrusimap2.5.3any
opensuseleap42.1any
opensuseopensuse13.2any

References 10

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-12/msg00015.html
  • openwall.com http://www.openwall.com/lists/oss-security/2015/09/30/3
  • openwall.com http://www.openwall.com/lists/oss-security/2015/11/04/3
  • securitytracker.com http://www.securitytracker.com/id/1034282
  • cyrus.foundation https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08
  • docs.cyrus.foundation https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html
    Vendor Advisory
  • lists.andrew.cmu.edu https://lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.