CVE-2015-8077 — Integer Overflow or Wraparound in Imap

CWE-190 — Integer Overflow or Wraparound7 documents6 sources

Severity

7.5HIGHNVD

EPSS

3.4%

top 12.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cyrus Imap Opensuse Leap Opensuse

Timeline

PublishedDec 3

Latest updateMay 14

Description

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDcyrus/imap41 versions+40

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

🔴Vulnerability Details

GHSA

GHSA-gjf9-hv65-fr5w: Integer overflow in the index_urlfetch function in imap/index↗2022-05-14

▶

CVEList

CVE-2015-8077: Integer overflow in the index_urlfetch function in imap/index↗2015-12-03

▶

OSV

CVE-2015-8077: Integer overflow in the index_urlfetch function in imap/index↗2015-12-03

▶

📋Vendor Advisories

Red Hat

cyrus-imapd: Integer overflow in range checks↗2015-10-26

▶

💬Community

Bugzilla

CVE-2015-8077 cyrus-imapd: Integer overflow in range checks [fedora-all]↗2015-11-05

▶

Bugzilla

CVE-2015-8077 cyrus-imapd: Integer overflow in range checks↗2015-11-05

▶