QwikSec

Security Database

CVE

CWE

Training

CVE-2015-8077

Published: Dec 3, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[Cyrus-devel] 20151005 Recent security fixes

mailing-list

x_refsource_MLIST

https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html

x_refsource_CONFIRM

[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP

mailing-list

x_refsource_MLIST

[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP

mailing-list

x_refsource_MLIST

openSUSE-SU-2015:2130

vendor-advisory

x_refsource_SUSE

https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08

x_refsource_CONFIRM

SUSE-SU-2016:1459

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_SECTRACK

SUSE-SU-2016:1457

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2015:2200

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.