2015-12-03 21:59:10 2018-10-30 17:27:35

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
Cyrus Imap 2.5.3 (not an official CPE) Cyrus Imap 2.5.2 (not an official CPE) Cyrus Imap 2.5.1 (not an official CPE) Cyrus Imap 2.5.0 (not an official CPE) Cyrus Imap 2.4.17 (not an official CPE) Cyrus Imap 2.4.16 (not an official CPE) Cyrus Imap 2.4.15 (not an official CPE) Cyrus Imap 2.4.14 (not an official CPE) Cyrus Imap 2.4.13 (not an official CPE) Cyrus Imap 2.4.12 (not an official CPE) Cyrus Imap 2.4.11 (not an official CPE) Cyrus Imap 2.4.10 (not an official CPE) Cyrus Imap 2.4.9 (not an official CPE) Cyrus Imap 2.4.8 (not an official CPE) Cyrus Imap 2.4.7 (not an official CPE) Cyrus Imap 2.4.6 (not an official CPE) Cyrus Imap 2.4.5 (not an official CPE) Cyrus Imap 2.4.4 (not an official CPE) Cyrus Imap 2.4.3 (not an official CPE) Cyrus Imap 2.4.2 (not an official CPE) Cyrus Imap 2.4.1 (not an official CPE) Cyrus Imap 2.4.0 (not an official CPE) Cyrus Imap 2.3.18 (not an official CPE) Cyrus Imap 2.3.17 (not an official CPE) Cyrus Imap 2.3.16 (not an official CPE) Cyrus Imap 2.3.15 (not an official CPE) Cyrus Imap 2.3.14 (not an official CPE) Cyrus Imap 2.3.13 (not an official CPE) Cyrus Imap 2.3.12 (not an official CPE) Cyrus Imap 2.3.11 (not an official CPE) Cyrus Imap 2.3.10 (not an official CPE) Cyrus Imap 2.3.9 (not an official CPE) Cyrus Imap 2.3.8 (not an official CPE) Cyrus Imap 2.3.7 (not an official CPE) Cyrus Imap 2.3.6 (not an official CPE) Cyrus Imap 2.3.5 (not an official CPE) Cyrus Imap 2.3.4 (not an official CPE) Cyrus Imap 2.3.3 (not an official CPE) Cyrus Imap 2.3.2 (not an official CPE) Cyrus Imap 2.3.1 (not an official CPE) Cyrus Imap 2.3.0 (not an official CPE)