Integer overflow

🗓️ 03 Dec 2015 20:59:00Reported by PRIOn knowledge baseType

Integer overflow in index_urlfetch function in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and start_octet variable. Incomplete fix for CVE-2015-8076

Reporter	Title	Published	Views	Family All 50
ALT Linux	Security fix for the ALT Linux 9 package cyrus-imapd version 2.5.7-alt1	11 Dec 201500:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 7 package cyrus-imapd version 2.4.18-alt1.M70P.1	7 Jan 201600:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.7-alt1	11 Dec 201500:00	–	altlinux
CNVD	Cyrus IMAP index_urlfetch integer overflow vulnerability (CNVD-2015-07902)	4 Dec 201500:00	–	cnvd
CNVD	Cyrus IMAP index_urlfetch Information Disclosure Vulnerability	4 Dec 201500:00	–	cnvd
CVE	CVE-2015-8076	3 Dec 201520:00	–	cve
CVE	CVE-2015-8077	3 Dec 201520:00	–	cve
Cvelist	CVE-2015-8076	3 Dec 201520:00	–	cvelist
Cvelist	CVE-2015-8077	3 Dec 201520:00	–	cvelist
FreeBSD	cyrus-imapd -- integer overflow in the start_octet addition	4 Nov 201500:00	–	freebsd

Source	Link
openwall	www.openwall.com/lists/oss-security/2015/09/30/3
lists	www.lists.opensuse.org/opensuse-updates/2015-11/msg00156.html
cyrus	www.cyrus.foundation/cyrus-imapd/commit/
lists	www.lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html
openwall	www.openwall.com/lists/oss-security/2015/11/04/3
docs	www.docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html
lists	www.lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
lists	www.lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
lists	www.lists.opensuse.org/opensuse-updates/2015-12/msg00015.html
securitytracker	www.securitytracker.com/id/1034282

12 Feb 2023 23:15Current

7.4High risk

Vulners AI Score7.4

EPSS0.03429