QwikSec

Security Database

CVE

CWE

Training

CVE-2015-8078

Published: Dec 3, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html

x_refsource_CONFIRM

[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP

mailing-list

x_refsource_MLIST

openSUSE-SU-2015:2130

vendor-advisory

x_refsource_SUSE

SUSE-SU-2016:1459

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_SECTRACK

SUSE-SU-2016:1457

vendor-advisory

x_refsource_SUSE

https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.