ID CVE-2015-8077
Summary Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
References
Vulnerable Configurations
  • cpe:2.3:a:cyrus:imap:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.16:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.17:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.17:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.18:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.4.15:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cyrus:imap:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:cyrus:imap:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-02-2023 - 23:15)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm
mlist
  • [Cyrus-devel] 20151005 Recent security fixes
  • [oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP
  • [oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP
sectrack 1034282
suse
  • SUSE-SU-2016:1457
  • SUSE-SU-2016:1459
  • openSUSE-SU-2015:2130
  • openSUSE-SU-2015:2200
Last major update 12-02-2023 - 23:15
Published 03-12-2015 - 20:59
Last modified 12-02-2023 - 23:15
Back to Top