{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-24T00:00:00", "descriptions": [{"lang": "en", "value": "The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-28T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html"}, {"name": "openSUSE-SU-2015:1623", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html"}, {"name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3"}, {"name": "openSUSE-SU-2015:1622", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921"}, {"name": "[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3"}, {"name": "SUSE-SU-2016:1459", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"}, {"name": "SUSE-SU-2016:1457", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"}, {"name": "[oss-security] 20150929 CVE request: urlfetch range handling flaw in Cyrus", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/09/29/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-8076", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html", "refsource": "CONFIRM", "url": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html"}, {"name": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html", "refsource": "CONFIRM", "url": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html"}, {"name": "openSUSE-SU-2015:1623", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html"}, {"name": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html", "refsource": "CONFIRM", "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html"}, {"name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3"}, {"name": "openSUSE-SU-2015:1622", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html"}, {"name": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921", "refsource": "CONFIRM", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921"}, {"name": "[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3"}, {"name": "SUSE-SU-2016:1459", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"}, {"name": "SUSE-SU-2016:1457", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"}, {"name": "[oss-security] 20150929 CVE request: urlfetch range handling flaw in Cyrus", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/29/2"}, {"name": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b", "refsource": "CONFIRM", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:06:31.675Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html"}, {"name": "openSUSE-SU-2015:1623", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html"}, {"name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3"}, {"name": "openSUSE-SU-2015:1622", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921"}, {"name": "[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3"}, {"name": "SUSE-SU-2016:1459", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"}, {"name": "SUSE-SU-2016:1457", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"}, {"name": "[oss-security] 20150929 CVE request: urlfetch range handling flaw in Cyrus", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/09/29/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-8076", "datePublished": "2015-12-03T20:00:00", "dateReserved": "2015-11-04T00:00:00", "dateUpdated": "2024-08-06T08:06:31.675Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cyrus:imap:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB8010D9-3E9A-4E02-B623-14A7E7D6E36B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B29B6023-B43F-4E86-B1B9-43030A4318B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2488FA8D-4A00-4552-9D53-719C48A3C852", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E5DD1C0-94DA-4B0F-8F12-27EA6A778AB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF750E40-8AE9-4E2C-8AB9-5F3516D8A59B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D182B614-963F-4795-9F19-BBA539E873DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "98F3F484-F9BC-44F8-9198-A5B256008F5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2C31176E-CA98-4D05-AD24-E4B804466044", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "15439E12-10BF-4639-B1CE-A9576C912DB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "4227C194-65EC-492D-B103-81DE69F2F3DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "4EA01D24-FD48-4155-8414-6AC6C077089E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "EA294EE1-3F4E-4AED-97E0-117C6E4801DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "0F7FB3C0-4389-41E5-B7D4-CF1E11F8E60C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "23870D8F-A9B3-4F93-9101-EE4ECD7B9927", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "2F9406E6-0CA1-44BE-9B0D-FC5ACDB777B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "E86DB81E-0DFF-4CA6-8643-EB8E7B096EE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "CC81D721-C4C7-4E79-8EA7-48E54A30A3AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "6E15275B-7106-49C0-BF61-EEEE183F65AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "0CBEAC0D-1793-45C7-9A39-CC7F9F4EE4DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA4ABA24-DD0E-478E-A503-BBD0522A4130", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "80119A9A-D728-4646-A5DE-610D82FD7A56", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "926C716E-4D2D-4457-B8CC-CB0DF43AF6FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "25BF767D-AF1A-4FFF-AFB1-8DF62257FAEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5BEFE14-B04A-46AC-A086-39A6611A68D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "022D8959-B923-4577-A539-7EB5A7C9F71D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "68E7D10E-B6CC-4131-8D6C-4C461B1A1877", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "03108AC9-8D1F-408A-A763-75826A30F592", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BE92657-EF13-4178-A0A7-D67FB025E68A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DC0604B-57C2-48BD-9D05-7BF323B72F1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "57349AD7-4B02-419F-A0BA-05FB82118C28", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "5123A625-F376-4565-AE73-A1D5ED857381", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "892ED37F-513A-41B4-9156-A3E97F1408C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD878F64-4DB5-4E8D-8102-2935D9FC8F54", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "101B7930-5D96-435F-833D-EEDCCA6A2265", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0A57B9E9-C6BC-4ED6-9CB2-E7D36B4C7A6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "EEF73A59-DE7D-4031-848F-AA2A3998C946", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "494DE44F-3694-460D-B83E-398D541AD27C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "65828710-86AB-49A5-AB94-5A10E4E8C203", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "352E2F78-2796-4DB2-A68B-B5AB9826148C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "910DAFB7-F23F-47F6-8EF5-85DACFD32950", "vulnerable": true}, {"criteria": "cpe:2.3:a:cyrus:imap:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E07D05DF-BDB6-4C3E-8430-DB97D3EEDA8D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read."}, {"lang": "es", "value": "La funci\u00f3n index_urlfetch en index.c en Cyrus IMAP 2.3.x en versiones anteriores a 2.3.19, 2.4.x en versiones anteriores a 2.4.18, 2.5.x en versiones anteriores a 2.5.4 permite a atacantes remotos obtener informaci\u00f3n sensible o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores relacionados con el intervalo urlfetch, lo que desencadena una lectura de memoria din\u00e1mica fuera de rango."}], "id": "CVE-2015-8076", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-12-03T20:59:07.533", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/09/29/2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3"}, {"source": "secalert@redhat.com", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b"}, {"source": "secalert@redhat.com", "url": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/09/29/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "cyrus-imapd: Out of bounds heap read in index_urlfetch", "id": "1267869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267869"}, "csaw": false, "cvss": {"cvss_base_score": "3.5", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "status": "draft"}, "cwe": "(CWE-125|CWE-122)->CWE-200", "details": ["The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read."], "name": "CVE-2015-8076", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "cyrus-imapd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "cyrus-imapd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "cyrus-imapd", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8076\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8076"], "threat_severity": "Low"}

{}