CVE-2015-8076: Buffer Overflow
First published: Thu Dec 03 2015(Updated: )
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openSUSE Leap | =42.1 | |
| openSUSE openSUSE | =13.2 | |
| Cyrus IMAP | =2.3.0 | |
| Cyrus IMAP | =2.3.1 | |
| Cyrus IMAP | =2.3.2 | |
| Cyrus IMAP | =2.3.3 | |
| Cyrus IMAP | =2.3.4 | |
| Cyrus IMAP | =2.3.5 | |
| Cyrus IMAP | =2.3.6 | |
| Cyrus IMAP | =2.3.7 | |
| Cyrus IMAP | =2.3.8 | |
| Cyrus IMAP | =2.3.9 | |
| Cyrus IMAP | =2.3.10 | |
| Cyrus IMAP | =2.3.11 | |
| Cyrus IMAP | =2.3.12 | |
| Cyrus IMAP | =2.3.13 | |
| Cyrus IMAP | =2.3.14 | |
| Cyrus IMAP | =2.3.15 | |
| Cyrus IMAP | =2.3.16 | |
| Cyrus IMAP | =2.3.17 | |
| Cyrus IMAP | =2.3.18 | |
| Cyrus IMAP | =2.4.0 | |
| Cyrus IMAP | =2.4.1 | |
| Cyrus IMAP | =2.4.2 | |
| Cyrus IMAP | =2.4.3 | |
| Cyrus IMAP | =2.4.4 | |
| Cyrus IMAP | =2.4.5 | |
| Cyrus IMAP | =2.4.6 | |
| Cyrus IMAP | =2.4.7 | |
| Cyrus IMAP | =2.4.8 | |
| Cyrus IMAP | =2.4.9 | |
| Cyrus IMAP | =2.4.10 | |
| Cyrus IMAP | =2.4.11 | |
| Cyrus IMAP | =2.4.12 | |
| Cyrus IMAP | =2.4.13 | |
| Cyrus IMAP | =2.4.14 | |
| Cyrus IMAP | =2.4.15 | |
| Cyrus IMAP | =2.4.16 | |
| Cyrus IMAP | =2.4.17 | |
| Cyrus IMAP | =2.5.0 | |
| Cyrus IMAP | =2.5.1 | |
| Cyrus IMAP | =2.5.2 | |
| Cyrus IMAP | =2.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html
- http://www.openwall.com/lists/oss-security/2015/09/29/2
- http://www.openwall.com/lists/oss-security/2015/09/30/3
- http://www.openwall.com/lists/oss-security/2015/11/04/3
- https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
- https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
- https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html
- https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html
- https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html
- agent/references
- agent/weakness
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/42.1
- canonical/opensuse opensuse
- version/opensuse opensuse/13.2
- vendor/cyrus
- canonical/cyrus imap
- version/cyrus imap/2.3.0
- version/cyrus imap/2.3.1
- version/cyrus imap/2.3.2
- version/cyrus imap/2.3.3
- version/cyrus imap/2.3.4
- version/cyrus imap/2.3.5
- version/cyrus imap/2.3.6
- version/cyrus imap/2.3.7
- version/cyrus imap/2.3.8
- version/cyrus imap/2.3.9
- version/cyrus imap/2.3.10
- version/cyrus imap/2.3.11
- version/cyrus imap/2.3.12
- version/cyrus imap/2.3.13
- version/cyrus imap/2.3.14
- version/cyrus imap/2.3.15
- version/cyrus imap/2.3.16
- version/cyrus imap/2.3.17
- version/cyrus imap/2.3.18
- version/cyrus imap/2.4.0
- version/cyrus imap/2.4.1
- version/cyrus imap/2.4.2
- version/cyrus imap/2.4.3
- version/cyrus imap/2.4.4
- version/cyrus imap/2.4.5
- version/cyrus imap/2.4.6
- version/cyrus imap/2.4.7
- version/cyrus imap/2.4.8
- version/cyrus imap/2.4.9
- version/cyrus imap/2.4.10
- version/cyrus imap/2.4.11
- version/cyrus imap/2.4.12
- version/cyrus imap/2.4.13
- version/cyrus imap/2.4.14
- version/cyrus imap/2.4.15
- version/cyrus imap/2.4.16
- version/cyrus imap/2.4.17
- version/cyrus imap/2.5.0
- version/cyrus imap/2.5.1
- version/cyrus imap/2.5.2
- version/cyrus imap/2.5.3