[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-8076Date: (C)2015-12-15   (M)2023-12-22


The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SUSE-SU-2016:1457
SUSE-SU-2016:1459
http://www.openwall.com/lists/oss-security/2015/09/29/2
http://www.openwall.com/lists/oss-security/2015/09/30/3
http://www.openwall.com/lists/oss-security/2015/11/04/3
https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html
https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html
https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html
openSUSE-SU-2015:1622
openSUSE-SU-2015:1623

CPE    41
cpe:/a:cyrus:imap:2.5.3
cpe:/a:cyrus:imap:2.4.15
cpe:/a:cyrus:imap:2.3.5
cpe:/a:cyrus:imap:2.5.2
...
CWE    1
CWE-119
OVAL    5
oval:org.secpod.oval:def:109738
oval:org.secpod.oval:def:109885
oval:org.secpod.oval:def:400675
oval:org.secpod.oval:def:89045322
...

© SecPod Technologies