PT-2015-3147 · Cyrus+2 · Cyrus Imap+2

Martin Prpic

Published

2015-07-11

Updated

2018-10-30

CVE-2015-8076

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cyrus IMAP versions 2.3.x through 2.3.18 Cyrus IMAP versions 2.4.x through 2.4.17 Cyrus IMAP versions 2.5.x through 2.5.3

Description The issue is caused by an out-of-bounds heap read in the index urlfetch function. This can allow a remote attacker to obtain sensitive information or possibly have other unspecified impact via vectors related to the urlfetch range.

Recommendations For Cyrus IMAP versions 2.3.x through 2.3.18, update to version 2.3.19 or later. For Cyrus IMAP versions 2.4.x through 2.4.17, update to version 2.4.18 or later. For Cyrus IMAP versions 2.5.x through 2.5.3, update to version 2.5.4 or later.

Fix

Buffer Overflow

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-200

Related Identifiers

ALT-PU-2015-1604

BDU:2016-00362

CVE-2015-8076

SUSE-SU-2016:1457-1

SUSE-SU-2016:1459-1

Affected Products

Alt Linux

Cyrus Imap

Suse

PT-2015-3147 · Cyrus+2 · Cyrus Imap+2

CVE-2015-8076

Weakness Enumeration

Related Identifiers

Affected Products

References · 37