CVE-2015-8076
published 2015-12-03
Priority P335 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS 3.26% · 86.8th percentile
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
Affected
43 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyrus | imap | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_redhat · 7.5 HIGH
GHSA
GHSA-5pfc-g3f2-6263: Integer overflow in the index_urlfetch function in imap/index
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2015-8078 [HIGH] GHSA-5pfc-g3f2-6263: Integer overflow in the index_urlfetch function in imap/index
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
GHSA
GHSA-fxwg-gpw8-9wrp: The index_urlfetch function in index
ghsa_unreviewed·2022-05-14
CVE-2015-8076 [HIGH] CWE-119 GHSA-fxwg-gpw8-9wrp: The index_urlfetch function in index
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
GHSA
GHSA-gjf9-hv65-fr5w: Integer overflow in the index_urlfetch function in imap/index
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2015-8077 [HIGH] GHSA-gjf9-hv65-fr5w: Integer overflow in the index_urlfetch function in imap/index
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
OSV
CVE-2015-8076: The index_urlfetch function in index
osv·2015-12-03·CVSS 7.5
CVE-2015-8076 [HIGH] CVE-2015-8076: The index_urlfetch function in index
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
OSV
CVE-2015-8077: Integer overflow in the index_urlfetch function in imap/index
osv·2015-12-03·CVSS 7.5
CVE-2015-8077 [HIGH] CVE-2015-8077: Integer overflow in the index_urlfetch function in imap/index
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
OSV
CVE-2015-8078: Integer overflow in the index_urlfetch function in imap/index
osv·2015-12-03·CVSS 7.5
CVE-2015-8078 [HIGH] CVE-2015-8078: Integer overflow in the index_urlfetch function in imap/index
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
Red Hat
cyrus-imapd: Integer overflow in index_urlfetch
vendor_redhat·2015-10-26·CVSS 7.5
CVE-2015-8078 [HIGH] CWE-190 cyrus-imapd: Integer overflow in index_urlfetch
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
Statement: Not vulnerable. This issue did not affect the versions of cyrus-imapd as shipped with Red Hat Enterprise Linux 5, 6 and 7, as they did not include the patch to fix CVE-2015-8076, which introduced the CVE-2015-8078 issue.
Package: cyrus-imapd (Red Hat Enterprise Linux 5) - Not affected
Package: cyrus-imapd (Red Hat Enterprise Linux 6) - Not affected
Package: cyrus-imapd (Red Hat Enterprise Linux 7) - Not affected
Red Hat
cyrus-imapd: Integer overflow in range checks
vendor_redhat·2015-10-26·CVSS 7.5
CVE-2015-8077 [HIGH] CWE-190 cyrus-imapd: Integer overflow in range checks
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
Statement: Not vulnerable. This issue did not affect the versions of cyrus-imapd as shipped with Red Hat Enterprise Linux 5, 6 and 7, as they did not include the patch to fix CVE-2015-8076, which introduced the CVE-2015-8077 issue.
Package: cyrus-imapd (Red Hat Enterprise Linux 5) - Not affected
Package: cyrus-imapd (Red Hat Enterprise Linux 6) - Not affected
Package: cyrus-imapd (Red Hat Enterprise Linux 7) - Not affected
Red Hat
cyrus-imapd: Out of bounds heap read in index_urlfetch
vendor_redhat·2015-06-18·CVSS 7.5
CVE-2015-8076 [HIGH] CWE-125 cyrus-imapd: Out of bounds heap read in index_urlfetch
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
Package: cyrus-imapd (Red Hat Enterprise Linux 5) - Will not fix
Package: cyrus-imapd (Red Hat Enterprise Linux 6) - Will not fix
Package: cyrus-imapd (Red Hat Enterprise Linux 7) - Will not fix
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-8078 cyrus-imapd: Integer overflow in index_urlfetch
bugzilla·2015-11-05·CVSS 7.5
CVE-2015-8078 [HIGH] CVE-2015-8078 cyrus-imapd: Integer overflow in index_urlfetch
An integer overflow vulnerability that emerged after applying the partial fix for CVE-2015-8076 by commit https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b was found.
Upstream patch:
https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2
CVE assignment:
http://seclists.org/oss-sec/2015/q4/223
Discussion:
Created cyrus-imapd tracking bugs for this issue:
Affects: fedora-all [bug 1278381]
---
Statement:
Not vulnerable. This issue did not affect the versions of cyrus-imapd as shipped with Red Hat Enterprise Linux 5, 6 and 7, as they did not include the patch to fix CVE-2015-8076, which introduced the CVE-2015-8078 issue.
Bugzilla
CVE-2015-8077 cyrus-imapd: Integer overflow in range checks
bugzilla·2015-11-05·CVSS 7.5
CVE-2015-8077 [HIGH] CVE-2015-8077 cyrus-imapd: Integer overflow in range checks
An integer overflow vulnerability that emerged after applying the partial fix for CVE-2015-8076 by commit https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921 was found.
Upstream patch:
https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08
CVE assignment:
http://seclists.org/oss-sec/2015/q4/223
Discussion:
Created cyrus-imapd tracking bugs for this issue:
Affects: fedora-all [bug 1278375]
---
Statement:
Not vulnerable. This issue did not affect the versions of cyrus-imapd as shipped with Red Hat Enterprise Linux 5, 6 and 7, as they did not include the patch to fix CVE-2015-8076, which introduced the CVE-2015-8077 issue.
Bugzilla
CVE-2015-8076 cyrus-imapd: Out of bounds heap read in index_urlfetch
bugzilla·2015-10-01·CVSS 7.5
CVE-2015-8076 [HIGH] CVE-2015-8076 cyrus-imapd: Out of bounds heap read in index_urlfetch
A security fix appeared in version 2.4.18 that handles a urlfetch range starting outside the message range, causing information disclosure (out-of-bounds heap read).
Upstream patch:
https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
Later there appeared another related commit:
https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
CVE request:
http://seclists.org/oss-sec/2015/q3/646
Discussion:
Created cyrus-imapd tracking bugs for this issue:
Affects: fedora-all [bug 1267871]
---
CVE assignment:
http://seclists.org/oss-sec/2015/q4/223
---
cyrus-imapd-2.4.18-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist,
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html
http://www.openwall.com/lists/oss-security/2015/09/29/2
http://www.openwall.com/lists/oss-security/2015/09/30/3
http://www.openwall.com/lists/oss-security/2015/11/04/3
https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html
https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html
https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html