CVE-2015-2181Improper Restriction of Operations within the Bounds of a Memory Buffer in Webmail

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.8%
top 26.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Roundcube Webmail
Timeline
PublishedJan 30
Latest updateMay 14

Description

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDroundcube/webmail< 1.1.0

🔴Vulnerability Details

3
GHSA
GHSA-v2gp-p8mp-5q72: Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 12022-05-14
OSV
CVE-2015-2181: Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 12017-01-30
CVEList
CVE-2015-2181: Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 12017-01-30

📋Vendor Advisories

1
Debian
CVE-2015-2181: roundcube - Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcu...2015

💬Community

3
Bugzilla
CVE-2015-2181 CVE-2015-8864 CVE-2016-4068 CVE-2016-4069 roundcubemail: security issues fixed in version 1.0.9 [fedora-all]2016-04-25
Bugzilla
CVE-2015-2181 CVE-2015-8864 CVE-2016-4068 CVE-2016-4069 roundcubemail: security issues fixed in version 1.0.92016-04-25
Bugzilla
CVE-2015-2181 CVE-2015-8864 CVE-2016-4068 CVE-2016-4069 roundcubemail: security issues fixed in version 1.0.9 [epel-all]2016-04-25
CVE-2015-2181 — Roundcube Webmail vulnerability | cvebase