CVE-2015-8076

The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html
http://www.openwall.com/lists/oss-security/2015/09/30/3
https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html
https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html	Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html
https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
http://www.openwall.com/lists/oss-security/2015/11/04/3
http://www.openwall.com/lists/oss-security/2015/09/29/2
https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html	Vendor Advisory
https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:opensuse:leap:42.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:cyrus:imap:2.3.0:::::::*
	cpe:2.3:a:cyrus:imap:2.3.1:::::::*
	cpe:2.3:a:cyrus:imap:2.3.8:::::::*
	cpe:2.3:a:cyrus:imap:2.3.9:::::::*
	cpe:2.3:a:cyrus:imap:2.3.16:::::::*
	cpe:2.3:a:cyrus:imap:2.3.17:::::::*
	cpe:2.3:a:cyrus:imap:2.4.6:::::::*
	cpe:2.3:a:cyrus:imap:2.4.7:::::::*
	cpe:2.3:a:cyrus:imap:2.4.14:::::::*
	cpe:2.3:a:cyrus:imap:2.4.15:::::::*
	cpe:2.3:a:cyrus:imap:2.3.6:::::::*
	cpe:2.3:a:cyrus:imap:2.4.4:::::::*
	cpe:2.3:a:cyrus:imap:2.3.7:::::::*
	cpe:2.3:a:cyrus:imap:2.3.4:::::::*
	cpe:2.3:a:cyrus:imap:2.4.1:::::::*
	cpe:2.3:a:cyrus:imap:2.3.5:::::::*
	cpe:2.3:a:cyrus:imap:2.4.11:::::::*
	cpe:2.3:a:cyrus:imap:2.5.1:::::::*
	cpe:2.3:a:cyrus:imap:2.4.10:::::::*
	cpe:2.3:a:cyrus:imap:2.3.3:::::::*
	cpe:2.3:a:cyrus:imap:2.4.2:::::::*
	cpe:2.3:a:cyrus:imap:2.5.0:::::::*
	cpe:2.3:a:cyrus:imap:2.3.14:::::::*
	cpe:2.3:a:cyrus:imap:2.3.13:::::::*
	cpe:2.3:a:cyrus:imap:2.3.12:::::::*
	cpe:2.3:a:cyrus:imap:2.4.3:::::::*
	cpe:2.3:a:cyrus:imap:2.4.5:::::::*
	cpe:2.3:a:cyrus:imap:2.5.2:::::::*
	cpe:2.3:a:cyrus:imap:2.4.13:::::::*
	cpe:2.3:a:cyrus:imap:2.4.12:::::::*
	cpe:2.3:a:cyrus:imap:2.5.3:::::::*
	cpe:2.3:a:cyrus:imap:2.3.15:::::::*
	cpe:2.3:a:cyrus:imap:2.3.2:::::::*
	cpe:2.3:a:cyrus:imap:2.4.16:::::::*
	cpe:2.3:a:cyrus:imap:2.4.0:::::::*
	cpe:2.3:a:cyrus:imap:2.4.8:::::::*
	cpe:2.3:a:cyrus:imap:2.4.17:::::::*
	cpe:2.3:a:cyrus:imap:2.3.10:::::::*
	cpe:2.3:a:cyrus:imap:2.3.18:::::::*
	cpe:2.3:a:cyrus:imap:2.4.9:::::::*
	cpe:2.3:a:cyrus:imap:2.3.11:::::::*

Information

Published : 2015-12-03 12:59

Updated : 2018-10-30 09:27

NVD link : CVE-2015-8076

Mitre link : CVE-2015-8076

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

cyrus

imap

opensuse

opensuse
leap

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html", "name": "openSUSE-SU-2015:1623", "tags": [], "refsource": "SUSE"}, {"url": "http://www.openwall.com/lists/oss-security/2015/09/30/3", "name": "[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [], "refsource": "MLIST"}, {"url": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html", "name": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html", "tags": [], "refsource": "CONFIRM"}, {"url": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html", "name": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html", "name": "openSUSE-SU-2015:1622", "tags": [], "refsource": "SUSE"}, {"url": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921", "name": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2015/11/04/3", "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2015/09/29/2", "name": "[oss-security] 20150929 CVE request: urlfetch range handling flaw in Cyrus", "tags": [], "refsource": "MLIST"}, {"url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html", "name": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b", "name": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html", "name": "SUSE-SU-2016:1457", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html", "name": "SUSE-SU-2016:1459", "tags": [], "refsource": "SUSE"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-8076", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-12-03T20:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cyrus:imap:2.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:27Z"}

7.5 /10