CVE-2015-8078 — Integer Overflow or Wraparound in Imap

CWE-190 — Integer Overflow or Wraparound7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 25.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cyrus Imap Opensuse Leap Opensuse

Timeline

PublishedDec 3

Latest updateMay 14

Description

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDcyrus/imap41 versions+40

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

🔴Vulnerability Details

GHSA

GHSA-5pfc-g3f2-6263: Integer overflow in the index_urlfetch function in imap/index↗2022-05-14

▶

CVEList

CVE-2015-8078: Integer overflow in the index_urlfetch function in imap/index↗2015-12-03

▶

OSV

CVE-2015-8078: Integer overflow in the index_urlfetch function in imap/index↗2015-12-03

▶

📋Vendor Advisories

Red Hat

cyrus-imapd: Integer overflow in index_urlfetch↗2015-10-26

▶

💬Community

Bugzilla

CVE-2015-8078 cyrus-imapd: Integer overflow in index_urlfetch↗2015-11-05

▶

Bugzilla

CVE-2015-8078 cyrus-imapd: Integer overflow in index_urlfetch [fedora-all]↗2015-11-05

▶