Home

CVE-2015-8076

Description

The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.

Risk Information

Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.628

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) cyrus-imapd-debuginfo-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) cyrus-imapd-debugsource-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) perl-Cyrus-IMAP-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) perl-Cyrus-IMAP-debuginfo-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) perl-Cyrus-SIEVE-managesieve-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1459-1(SUSE Linux Enterprise Server 11-SP4 ) cyrus-imapd-2.3.11-60.65.67.1.x86_64.rpmLinux
SUSE-SU-2016:1459-1(SUSE Linux Enterprise Server 11-SP4 ) perl-Cyrus-IMAP-2.3.11-60.65.67.1.x86_64.rpmLinux
SUSE-SU-2016:1459-1(SUSE Linux Enterprise Server 11-SP4 ) perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234