CVE-2015-8076Improper Restriction of Operations within the Bounds of a Memory Buffer in Imap

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-200Sensitive Information ExposureCWE-125Out-of-bounds ReadCWE-122Heap-based Buffer OverflowCWE-190Integer Overflow or Wraparound10 documents6 sources
Severity
7.5HIGHNVD
EPSS
2.6%
top 14.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cyrus ImapOpensuse LeapOpensuse
Timeline
PublishedDec 3
Latest updateMay 14

Description

The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDcyrus/imap41 versions+40
NVDopensuse/leap42.1

🔴Vulnerability Details

3
GHSA
GHSA-fxwg-gpw8-9wrp: The index_urlfetch function in index2022-05-14
OSV
CVE-2015-8076: The index_urlfetch function in index2015-12-03
CVEList
CVE-2015-8076: The index_urlfetch function in index2015-12-03

📋Vendor Advisories

3
Red Hat
cyrus-imapd: Integer overflow in index_urlfetch2015-10-26
Red Hat
cyrus-imapd: Integer overflow in range checks2015-10-26
Red Hat
cyrus-imapd: Out of bounds heap read in index_urlfetch2015-06-18

💬Community

3
Bugzilla
CVE-2015-8078 cyrus-imapd: Integer overflow in index_urlfetch2015-11-05
Bugzilla
CVE-2015-8077 cyrus-imapd: Integer overflow in range checks2015-11-05
Bugzilla
CVE-2015-8076 cyrus-imapd: Out of bounds heap read in index_urlfetch2015-10-01
CVE-2015-8076 — Cyrus Imap vulnerability | cvebase