Vulnerabilities related to cyrus - imap
Vulnerability from fkie_nvd
Published
2015-12-03 20:59
Modified
2025-04-12 10:46
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
References
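Impacted products
Note: the Cyrus IMAP entries listed here cover 2.3.0–2.3.18, 2.4.0–2.4.17 and 2.5.0–2.5.3. The releases named in the summary (2.3.19, 2.4.18 and 2.5.6) are not among them, so inventory matching on this list alone will not flag those versions.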
Vendor | Product | Version | |
---|---|---|---|
opensuse | leap | 42.1 | |
opensuse | opensuse | 13.2 | |
cyrus | imap | 2.3.0 | |
cyrus | imap | 2.3.1 | |
cyrus | imap | 2.3.2 | |
cyrus | imap | 2.3.3 | |
cyrus | imap | 2.3.4 | |
cyrus | imap | 2.3.5 | |
cyrus | imap | 2.3.6 | |
cyrus | imap | 2.3.7 | |
cyrus | imap | 2.3.8 | |
cyrus | imap | 2.3.9 | |
cyrus | imap | 2.3.10 | |
cyrus | imap | 2.3.11 | |
cyrus | imap | 2.3.12 | |
cyrus | imap | 2.3.13 | |
cyrus | imap | 2.3.14 | |
cyrus | imap | 2.3.15 | |
cyrus | imap | 2.3.16 | |
cyrus | imap | 2.3.17 | |
cyrus | imap | 2.3.18 | |
cyrus | imap | 2.4.0 | |
cyrus | imap | 2.4.1 | |
cyrus | imap | 2.4.2 | |
cyrus | imap | 2.4.3 | |
cyrus | imap | 2.4.4 | |
cyrus | imap | 2.4.5 | |
cyrus | imap | 2.4.6 | |
cyrus | imap | 2.4.7 | |
cyrus | imap | 2.4.8 | |
cyrus | imap | 2.4.9 | |
cyrus | imap | 2.4.10 | |
cyrus | imap | 2.4.11 | |
cyrus | imap | 2.4.12 | |
cyrus | imap | 2.4.13 | |
cyrus | imap | 2.4.14 | |
cyrus | imap | 2.4.15 | |
cyrus | imap | 2.4.16 | |
cyrus | imap | 2.4.17 | |
cyrus | imap | 2.5.0 | |
cyrus | imap | 2.5.1 | |
cyrus | imap | 2.5.2 | |
cyrus | imap | 2.5.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cyrus:imap:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB8010D9-3E9A-4E02-B623-14A7E7D6E36B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B29B6023-B43F-4E86-B1B9-43030A4318B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2488FA8D-4A00-4552-9D53-719C48A3C852", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E5DD1C0-94DA-4B0F-8F12-27EA6A778AB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF750E40-8AE9-4E2C-8AB9-5F3516D8A59B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D182B614-963F-4795-9F19-BBA539E873DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "98F3F484-F9BC-44F8-9198-A5B256008F5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2C31176E-CA98-4D05-AD24-E4B804466044", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "15439E12-10BF-4639-B1CE-A9576C912DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "4227C194-65EC-492D-B103-81DE69F2F3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "4EA01D24-FD48-4155-8414-6AC6C077089E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.11:*:*:*:*:*:*:*", 
"matchCriteriaId": "EA294EE1-3F4E-4AED-97E0-117C6E4801DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "0F7FB3C0-4389-41E5-B7D4-CF1E11F8E60C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "23870D8F-A9B3-4F93-9101-EE4ECD7B9927", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "2F9406E6-0CA1-44BE-9B0D-FC5ACDB777B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "E86DB81E-0DFF-4CA6-8643-EB8E7B096EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "CC81D721-C4C7-4E79-8EA7-48E54A30A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "6E15275B-7106-49C0-BF61-EEEE183F65AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "0CBEAC0D-1793-45C7-9A39-CC7F9F4EE4DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA4ABA24-DD0E-478E-A503-BBD0522A4130", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "80119A9A-D728-4646-A5DE-610D82FD7A56", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "926C716E-4D2D-4457-B8CC-CB0DF43AF6FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "25BF767D-AF1A-4FFF-AFB1-8DF62257FAEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5BEFE14-B04A-46AC-A086-39A6611A68D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "022D8959-B923-4577-A539-7EB5A7C9F71D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"68E7D10E-B6CC-4131-8D6C-4C461B1A1877", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "03108AC9-8D1F-408A-A763-75826A30F592", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BE92657-EF13-4178-A0A7-D67FB025E68A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DC0604B-57C2-48BD-9D05-7BF323B72F1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "57349AD7-4B02-419F-A0BA-05FB82118C28", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "5123A625-F376-4565-AE73-A1D5ED857381", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "892ED37F-513A-41B4-9156-A3E97F1408C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD878F64-4DB5-4E8D-8102-2935D9FC8F54", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "101B7930-5D96-435F-833D-EEDCCA6A2265", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0A57B9E9-C6BC-4ED6-9CB2-E7D36B4C7A6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "EEF73A59-DE7D-4031-848F-AA2A3998C946", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "494DE44F-3694-460D-B83E-398D541AD27C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "65828710-86AB-49A5-AB94-5A10E4E8C203", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "352E2F78-2796-4DB2-A68B-B5AB9826148C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "910DAFB7-F23F-47F6-8EF5-85DACFD32950", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E07D05DF-BDB6-4C3E-8430-DB97D3EEDA8D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076." }, { "lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n index_urlfetch en imap/index.c en Cyrus IMAP 2.3.19, 2.4.18 y 2.5.6 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de vectores relacionados con comprobaciones del intervalo urlfetch y la variable section_offset. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de la CVE-2015-8076." } ], "id": "CVE-2015-8078", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-12-03T20:59:10.690", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "source": "secalert@redhat.com", "url": 
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1034282" }, { "source": "secalert@redhat.com", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-03 20:29
Modified
2024-11-21 04:20
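Severity: CRITICAL (CVSS v3.1 base score 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); HIGH under CVSS v2.0 (base score 7.5)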
Summary
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cyrus | imap | * | |
cyrus | imap | * | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
debian | debian_linux | 9.0 | |
canonical | ubuntu_linux | 18.04 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux_eus | 8.1 | |
redhat | enterprise_linux_eus | 8.2 | |
redhat | enterprise_linux_eus | 8.4 | |
redhat | enterprise_linux_server_aus | 8.2 | |
redhat | enterprise_linux_server_aus | 8.4 | |
redhat | enterprise_linux_server_tus | 8.2 | |
redhat | enterprise_linux_server_tus | 8.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "99BC9B76-718F-48BE-95CD-FEFA216EDFC1", "versionEndIncluding": "2.5.12", "versionStartIncluding": "2.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "48EF6A82-6366-48C9-9859-BE6FDA49301D", "versionEndIncluding": "3.0.9", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name." }, { "lang": "es", "value": "La funci\u00f3n CalDAV en httpd en Cyrus IMAP 2.5.x a 2.5.12 y 3.0.x a 3.0.9 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una operaci\u00f3n HTTP PUT dise\u00f1ada para un evento con un nombre de propiedad largo de iCalendar." 
} ], "id": "CVE-2019-11356", "lastModified": "2024-11-21T04:20:56.173", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-03T20:29:00.297", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1771" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGO43JS7IFDNITHXOOHOP6JHRKRDIYY6/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICSZDC3UGEUZ27VXGGM6OFI67D3KKLZ/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jun/9" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4566-1/" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://www.cyrusimap.org/imap/download/release-notes/2.5/index.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/index.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4458" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGO43JS7IFDNITHXOOHOP6JHRKRDIYY6/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICSZDC3UGEUZ27VXGGM6OFI67D3KKLZ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jun/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4566-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://www.cyrusimap.org/imap/download/release-notes/3.0/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4458" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-10 07:29
Modified
2025-04-20 01:37
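Severity: CRITICAL (CVSS v3.0 base score 9.1, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H); MEDIUM under CVSS v2.0 (base score 6.4)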
Summary
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "B093D058-650F-443F-AB82-F3E58BFD222B", "versionEndIncluding": "3.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a \u0027LIST \"\" \"Other Users\"\u0027 command." }, { "lang": "es", "value": "En la funci\u00f3n mboxlist_do_find en imap/mboxlist.c en Cyrus IMAP en versiones anteriores a la 3.0.4, un error por un paso (off-by-one) en el c\u00e1lculo de prefijos para el comando LIST provocaba el uso de memoria sin inicializar, lo que podr\u00eda permitir que atacantes remotos obtengan informaci\u00f3n sensible o provoquen una denegaci\u00f3n de servicio (daemon crash) mediante un comando \u0027LIST \"\" \"Other Users\"\u0027." 
} ], "id": "CVE-2017-14230", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-10T07:29:00.177", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/cyrusimap/cyrus-imapd/issues/2132" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-announce/2017-September/000145.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.4.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/cyrusimap/cyrus-imapd/issues/2132" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-announce/2017-September/000145.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.4.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-12-03 20:59
Modified
2025-04-12 10:46
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
References
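Impacted products
Note: the Cyrus IMAP entries listed here cover 2.3.0–2.3.18, 2.4.0–2.4.17 and 2.5.0–2.5.3. The releases named in the summary (2.3.19, 2.4.18 and 2.5.6) are not among them, so inventory matching on this list alone will not flag those versions.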
Vendor | Product | Version | |
---|---|---|---|
cyrus | imap | 2.3.0 | |
cyrus | imap | 2.3.1 | |
cyrus | imap | 2.3.2 | |
cyrus | imap | 2.3.3 | |
cyrus | imap | 2.3.4 | |
cyrus | imap | 2.3.5 | |
cyrus | imap | 2.3.6 | |
cyrus | imap | 2.3.7 | |
cyrus | imap | 2.3.8 | |
cyrus | imap | 2.3.9 | |
cyrus | imap | 2.3.10 | |
cyrus | imap | 2.3.11 | |
cyrus | imap | 2.3.12 | |
cyrus | imap | 2.3.13 | |
cyrus | imap | 2.3.14 | |
cyrus | imap | 2.3.15 | |
cyrus | imap | 2.3.16 | |
cyrus | imap | 2.3.17 | |
cyrus | imap | 2.3.18 | |
cyrus | imap | 2.4.0 | |
cyrus | imap | 2.4.1 | |
cyrus | imap | 2.4.2 | |
cyrus | imap | 2.4.3 | |
cyrus | imap | 2.4.4 | |
cyrus | imap | 2.4.5 | |
cyrus | imap | 2.4.6 | |
cyrus | imap | 2.4.7 | |
cyrus | imap | 2.4.8 | |
cyrus | imap | 2.4.9 | |
cyrus | imap | 2.4.10 | |
cyrus | imap | 2.4.11 | |
cyrus | imap | 2.4.12 | |
cyrus | imap | 2.4.13 | |
cyrus | imap | 2.4.14 | |
cyrus | imap | 2.4.15 | |
cyrus | imap | 2.4.16 | |
cyrus | imap | 2.4.17 | |
cyrus | imap | 2.5.0 | |
cyrus | imap | 2.5.1 | |
cyrus | imap | 2.5.2 | |
cyrus | imap | 2.5.3 | |
opensuse | leap | 42.1 | |
opensuse | opensuse | 13.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cyrus:imap:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB8010D9-3E9A-4E02-B623-14A7E7D6E36B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B29B6023-B43F-4E86-B1B9-43030A4318B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2488FA8D-4A00-4552-9D53-719C48A3C852", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E5DD1C0-94DA-4B0F-8F12-27EA6A778AB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF750E40-8AE9-4E2C-8AB9-5F3516D8A59B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D182B614-963F-4795-9F19-BBA539E873DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "98F3F484-F9BC-44F8-9198-A5B256008F5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2C31176E-CA98-4D05-AD24-E4B804466044", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "15439E12-10BF-4639-B1CE-A9576C912DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "4227C194-65EC-492D-B103-81DE69F2F3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "4EA01D24-FD48-4155-8414-6AC6C077089E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "EA294EE1-3F4E-4AED-97E0-117C6E4801DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "0F7FB3C0-4389-41E5-B7D4-CF1E11F8E60C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "23870D8F-A9B3-4F93-9101-EE4ECD7B9927", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "2F9406E6-0CA1-44BE-9B0D-FC5ACDB777B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "E86DB81E-0DFF-4CA6-8643-EB8E7B096EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "CC81D721-C4C7-4E79-8EA7-48E54A30A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "6E15275B-7106-49C0-BF61-EEEE183F65AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "0CBEAC0D-1793-45C7-9A39-CC7F9F4EE4DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA4ABA24-DD0E-478E-A503-BBD0522A4130", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "80119A9A-D728-4646-A5DE-610D82FD7A56", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "926C716E-4D2D-4457-B8CC-CB0DF43AF6FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "25BF767D-AF1A-4FFF-AFB1-8DF62257FAEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5BEFE14-B04A-46AC-A086-39A6611A68D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "022D8959-B923-4577-A539-7EB5A7C9F71D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "68E7D10E-B6CC-4131-8D6C-4C461B1A1877", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "03108AC9-8D1F-408A-A763-75826A30F592", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BE92657-EF13-4178-A0A7-D67FB025E68A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cyrus:imap:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DC0604B-57C2-48BD-9D05-7BF323B72F1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "57349AD7-4B02-419F-A0BA-05FB82118C28", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "5123A625-F376-4565-AE73-A1D5ED857381", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "892ED37F-513A-41B4-9156-A3E97F1408C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD878F64-4DB5-4E8D-8102-2935D9FC8F54", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "101B7930-5D96-435F-833D-EEDCCA6A2265", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0A57B9E9-C6BC-4ED6-9CB2-E7D36B4C7A6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "EEF73A59-DE7D-4031-848F-AA2A3998C946", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "494DE44F-3694-460D-B83E-398D541AD27C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "65828710-86AB-49A5-AB94-5A10E4E8C203", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "352E2F78-2796-4DB2-A68B-B5AB9826148C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "910DAFB7-F23F-47F6-8EF5-85DACFD32950", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E07D05DF-BDB6-4C3E-8430-DB97D3EEDA8D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", 
"vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076." }, { "lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n index_urlfetch en imap/index.c en Cyrus IMAP 2.3.19, 2.4.18 y 2.5.6 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de vectores relacionados con comprobaciones del intervalo urlfetch y la variable start_octet. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de la CVE-2015-8076." } ], "id": "CVE-2015-8077", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-12-03T20:59:09.707", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "source": "secalert@redhat.com", "url": 
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00015.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1034282" }, { "source": "secalert@redhat.com", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html" }, { "source": "secalert@redhat.com", "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], 
"url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-10 14:15
Modified
2024-11-21 06:06
Severity ?
Summary
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cyrus | imap | * | |
cyrus | imap | * | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "98797F63-F02A-4856-801C-0B912C4BE095", "versionEndExcluding": "3.2.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD614461-178E-4DEA-8E35-17B2DA9130CA", "versionEndExcluding": "3.4.1", "versionStartIncluding": "3.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall." 
}, { "lang": "es", "value": "Cyrus IMAP versiones anteriores a 3.2.7, y versiones 3.3.x y versiones 3.4.x anteriores a 3.4.1, permite a usuarios autenticados remotos omitir las restricciones de acceso previstas en las anotaciones del servidor y, en consecuencia, provocar que la replicaci\u00f3n se detenga" } ], "id": "CVE-2021-32056", "lastModified": "2024-11-21T06:06:46.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-10T14:15:07.577", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-15 04:15
Modified
2024-11-21 04:33
Severity ?
Summary
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cyrus | imap | * | |
cyrus | imap | * | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "2887FFFA-4F86-43E1-AA05-2445D9187349", "versionEndExcluding": "2.5.14", "versionStartIncluding": "2.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2ABDB8D-EC93-432E-93CC-FF2453E0A535", "versionEndExcluding": "3.0.12", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection." }, { "lang": "es", "value": "Cyrus IMAP versiones 2.5.x anteriores a la versi\u00f3n 2.5.14 y versiones 3.x anteriores a la versi\u00f3n 3.0.12, permite una escalada de privilegios porque una petici\u00f3n HTTP puede ser interpretada en el contexto de autenticaci\u00f3n de una petici\u00f3n anterior no relacionada que lleg\u00f3 por medio de la misma conexi\u00f3n." 
} ], "id": "CVE-2019-18928", "lastModified": "2024-11-21T04:33:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-15T04:15:10.267", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Third Party Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Third Party Advisory" ], "url": 
"https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Third Party Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Third Party Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-01 06:15
Modified
2024-11-21 06:09
Severity ?
Summary
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cyrus | imap | * | |
cyrus | imap | * | |
cyrus | imap | * | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "3180FA25-ACA7-4276-AF92-BF12B3EDE5E6", "versionEndExcluding": "3.0.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "916CC243-1069-481C-9290-3C25B4ABBB8F", "versionEndExcluding": "3.2.8", "versionStartIncluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "59476520-45C7-4427-B599-A615972376DF", "versionEndExcluding": "3.4.2", "versionStartIncluding": "3.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16." }, { "lang": "es", "value": "Cyrus IMAP versiones anteriores a 3.4.2, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue del demonio de varios minutos) por medio de una entrada manejada inapropiadamente durante la interacci\u00f3n de la tabla hash. Debido a que presenta muchas inserciones en un solo cubo, strcmp se vuelve lento. 
Esto se ha corregido en las versiones 3.4.2, 3.2.8 y 3.0.16" } ], "id": "CVE-2021-33582", "lastModified": "2024-11-21T06:09:08.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-01T06:15:06.387", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cyrusimap/cyrus-imapd/commits/master" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://github.com/cyrusimap/cyrus-imapd/security/advisories" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cyrusimap/cyrus-imapd/commits/master" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://github.com/cyrusimap/cyrus-imapd/security/advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/index.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-407" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-12-03 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, and 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
opensuse | leap | 42.1 | |
opensuse | opensuse | 13.2 | |
cyrus | imap | 2.3.0 | |
cyrus | imap | 2.3.1 | |
cyrus | imap | 2.3.2 | |
cyrus | imap | 2.3.3 | |
cyrus | imap | 2.3.4 | |
cyrus | imap | 2.3.5 | |
cyrus | imap | 2.3.6 | |
cyrus | imap | 2.3.7 | |
cyrus | imap | 2.3.8 | |
cyrus | imap | 2.3.9 | |
cyrus | imap | 2.3.10 | |
cyrus | imap | 2.3.11 | |
cyrus | imap | 2.3.12 | |
cyrus | imap | 2.3.13 | |
cyrus | imap | 2.3.14 | |
cyrus | imap | 2.3.15 | |
cyrus | imap | 2.3.16 | |
cyrus | imap | 2.3.17 | |
cyrus | imap | 2.3.18 | |
cyrus | imap | 2.4.0 | |
cyrus | imap | 2.4.1 | |
cyrus | imap | 2.4.2 | |
cyrus | imap | 2.4.3 | |
cyrus | imap | 2.4.4 | |
cyrus | imap | 2.4.5 | |
cyrus | imap | 2.4.6 | |
cyrus | imap | 2.4.7 | |
cyrus | imap | 2.4.8 | |
cyrus | imap | 2.4.9 | |
cyrus | imap | 2.4.10 | |
cyrus | imap | 2.4.11 | |
cyrus | imap | 2.4.12 | |
cyrus | imap | 2.4.13 | |
cyrus | imap | 2.4.14 | |
cyrus | imap | 2.4.15 | |
cyrus | imap | 2.4.16 | |
cyrus | imap | 2.4.17 | |
cyrus | imap | 2.5.0 | |
cyrus | imap | 2.5.1 | |
cyrus | imap | 2.5.2 | |
cyrus | imap | 2.5.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cyrus:imap:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB8010D9-3E9A-4E02-B623-14A7E7D6E36B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B29B6023-B43F-4E86-B1B9-43030A4318B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2488FA8D-4A00-4552-9D53-719C48A3C852", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E5DD1C0-94DA-4B0F-8F12-27EA6A778AB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF750E40-8AE9-4E2C-8AB9-5F3516D8A59B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D182B614-963F-4795-9F19-BBA539E873DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "98F3F484-F9BC-44F8-9198-A5B256008F5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2C31176E-CA98-4D05-AD24-E4B804466044", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "15439E12-10BF-4639-B1CE-A9576C912DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "4227C194-65EC-492D-B103-81DE69F2F3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "4EA01D24-FD48-4155-8414-6AC6C077089E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.11:*:*:*:*:*:*:*", 
"matchCriteriaId": "EA294EE1-3F4E-4AED-97E0-117C6E4801DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "0F7FB3C0-4389-41E5-B7D4-CF1E11F8E60C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "23870D8F-A9B3-4F93-9101-EE4ECD7B9927", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "2F9406E6-0CA1-44BE-9B0D-FC5ACDB777B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "E86DB81E-0DFF-4CA6-8643-EB8E7B096EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "CC81D721-C4C7-4E79-8EA7-48E54A30A3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "6E15275B-7106-49C0-BF61-EEEE183F65AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "0CBEAC0D-1793-45C7-9A39-CC7F9F4EE4DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA4ABA24-DD0E-478E-A503-BBD0522A4130", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "80119A9A-D728-4646-A5DE-610D82FD7A56", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "926C716E-4D2D-4457-B8CC-CB0DF43AF6FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "25BF767D-AF1A-4FFF-AFB1-8DF62257FAEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5BEFE14-B04A-46AC-A086-39A6611A68D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "022D8959-B923-4577-A539-7EB5A7C9F71D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"68E7D10E-B6CC-4131-8D6C-4C461B1A1877", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "03108AC9-8D1F-408A-A763-75826A30F592", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BE92657-EF13-4178-A0A7-D67FB025E68A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DC0604B-57C2-48BD-9D05-7BF323B72F1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "57349AD7-4B02-419F-A0BA-05FB82118C28", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "5123A625-F376-4565-AE73-A1D5ED857381", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "892ED37F-513A-41B4-9156-A3E97F1408C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD878F64-4DB5-4E8D-8102-2935D9FC8F54", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "101B7930-5D96-435F-833D-EEDCCA6A2265", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0A57B9E9-C6BC-4ED6-9CB2-E7D36B4C7A6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "EEF73A59-DE7D-4031-848F-AA2A3998C946", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "494DE44F-3694-460D-B83E-398D541AD27C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "65828710-86AB-49A5-AB94-5A10E4E8C203", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "352E2F78-2796-4DB2-A68B-B5AB9826148C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "910DAFB7-F23F-47F6-8EF5-85DACFD32950", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E07D05DF-BDB6-4C3E-8430-DB97D3EEDA8D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read." }, { "lang": "es", "value": "La funci\u00f3n index_urlfetch en index.c en Cyrus IMAP 2.3.x en versiones anteriores a 2.3.19, 2.4.x en versiones anteriores a 2.4.18, 2.5.x en versiones anteriores a 2.5.4 permite a atacantes remotos obtener informaci\u00f3n sensible o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores relacionados con el intervalo urlfetch, lo que desencadena una lectura de memoria din\u00e1mica fuera de rango." 
} ], "id": "CVE-2015-8076", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-12-03T20:59:07.533", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/09/29/2" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "source": "secalert@redhat.com", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b" }, { "source": "secalert@redhat.com", "url": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/09/29/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-119" }, { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-12-16 14:15
Modified
2024-11-21 04:35
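Severity: 6.5 MEDIUM (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N); 3.5 LOW (CVSS 2.0, AV:N/AC:M/Au:S/C:N/I:P/A:N)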
Summary
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cyrus | imap | * | |
cyrus | imap | * | |
cyrus | imap | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
canonical | ubuntu_linux | 18.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "375632E2-D569-4787-A113-95C061809EC5", "versionEndExcluding": "2.5.15", "versionStartIncluding": "2.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FA80924-6B46-4E05-AE58-B964736AA14C", "versionEndExcluding": "3.0.13", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "C48D8099-1C24-41D1-941C-2940A2527BA1", "versionEndExcluding": "3.1.8", "versionStartIncluding": "3.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. 
If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c." }, { "lang": "es", "value": "Se detect\u00f3 un problema en Cyrus IMAP versiones anteriores a 2.5.15, versiones 3.0.x antes de 3.0.13 y versiones 3.1.x hasta 3.1.8. Si la carga de script tamizado est\u00e1 permitida (versiones 3.x) o ciertas opciones de tamizado no predeterminadas est\u00e1n habilitadas (versiones 2.x), un usuario con una cuenta de correo en el servicio puede usar un script tamizado que contiene un archivo en la directiva para crear cualquier buz\u00f3n con el administrador privilegios, debido a un manejo inapropiado de la carpeta en la funci\u00f3n autosieve_createfolder() en el archivo imap/lmtp_sieve.c." } ], "id": "CVE-2019-19783", "lastModified": "2024-11-21T04:35:22.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, 
"exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-12-16T14:15:12.257", "references": [ { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIV4HQ6LG5GPRO4B5Z2NHCZUPBUVVVF/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IGOO5UGEBBDPN7B2YXLK7I7L3Y35EBA/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Dec/38" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-23" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4566-1/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIV4HQ6LG5GPRO4B5Z2NHCZUPBUVVVF/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IGOO5UGEBBDPN7B2YXLK7I7L3Y35EBA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Dec/38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://security.gentoo.org/glsa/202006-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4566-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4590" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2015-8078 (GCVE-0-2015-8078)
Vulnerability from cvelistv5
Published
2015-12-03 20:00
Modified
2024-08-06 08:06
CWE
- n/a
Summary
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:06:31.833Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html" }, { "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "name": "openSUSE-SU-2015:2130", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html" }, { "name": "SUSE-SU-2016:1459", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "name": "1034282", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034282" }, { "name": "SUSE-SU-2016:1457", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-13T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html" }, { "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "name": "openSUSE-SU-2015:2130", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html" }, { "name": "SUSE-SU-2016:1459", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "name": "1034282", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034282" }, { "name": "SUSE-SU-2016:1457", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-8078", "datePublished": "2015-12-03T20:00:00", "dateReserved": "2015-11-04T00:00:00", "dateUpdated": "2024-08-06T08:06:31.833Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-18928 (GCVE-0-2019-18928)
Vulnerability from cvelistv5
Published
2019-11-15 03:45
Modified
2024-08-05 02:02
CWE
- n/a
Summary
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html" }, { "name": "FEDORA-2019-393e1cef4d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/" }, { "name": "FEDORA-2019-03be160f9c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/" }, { "name": "[debian-lts-announce] 20220619 [SECURITY] [DLA 3052-1] cyrus-imapd security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-20T01:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html" }, { "name": "FEDORA-2019-393e1cef4d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/" }, { "name": "FEDORA-2019-03be160f9c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/" }, { "name": "[debian-lts-announce] 20220619 [SECURITY] [DLA 3052-1] cyrus-imapd security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18928", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html", "refsource": "MISC", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html" }, { "name": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html", "refsource": "MISC", "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html" }, { "name": "FEDORA-2019-393e1cef4d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/" }, { "name": "FEDORA-2019-03be160f9c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/" }, { "name": "[debian-lts-announce] 20220619 [SECURITY] [DLA 3052-1] cyrus-imapd security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18928", "datePublished": "2019-11-15T03:45:16", "dateReserved": "2019-11-12T00:00:00", "dateUpdated": "2024-08-05T02:02:39.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-33582 (GCVE-0-2021-33582)
Vulnerability from cvelistv5
Published
2021-09-01 05:32
Modified
2024-08-03 23:50
CWE
- n/a
Summary
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:50:43.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/index.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cyrusimap/cyrus-imapd/security/advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cyrusimap/cyrus-imapd/commits/master" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released" }, { "name": "FEDORA-2022-c30b1a8aa3", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/" }, { "name": "FEDORA-2022-d45bcc5447", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/" }, { "name": "[debian-lts-announce] 20220619 [SECURITY] [DLA 3052-1] cyrus-imapd security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-20T01:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/index.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cyrusimap/cyrus-imapd/security/advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cyrusimap/cyrus-imapd/commits/master" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released" }, { "name": "FEDORA-2022-c30b1a8aa3", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/" }, { "name": "FEDORA-2022-d45bcc5447", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/" }, { "name": "[debian-lts-announce] 20220619 [SECURITY] [DLA 3052-1] cyrus-imapd security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33582", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) 
via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cyrusimap.org/imap/download/release-notes/index.html", "refsource": "MISC", "url": "https://www.cyrusimap.org/imap/download/release-notes/index.html" }, { "name": "https://github.com/cyrusimap/cyrus-imapd/security/advisories", "refsource": "MISC", "url": "https://github.com/cyrusimap/cyrus-imapd/security/advisories" }, { "name": "https://github.com/cyrusimap/cyrus-imapd/commits/master", "refsource": "MISC", "url": "https://github.com/cyrusimap/cyrus-imapd/commits/master" }, { "name": "https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released", "refsource": "CONFIRM", "url": "https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released" }, { "name": "FEDORA-2022-c30b1a8aa3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/" }, { "name": "FEDORA-2022-d45bcc5447", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/" }, { "name": "[debian-lts-announce] 20220619 [SECURITY] [DLA 3052-1] cyrus-imapd security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33582", "datePublished": "2021-09-01T05:32:49", "dateReserved": "2021-05-26T00:00:00", "dateUpdated": "2024-08-03T23:50:43.083Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8076 (GCVE-0-2015-8076)
Vulnerability from cvelistv5
Published
2015-12-03 20:00
Modified
2024-08-06 08:06
CWE
- n/a
Summary
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, and 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:06:31.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html" }, { "name": "openSUSE-SU-2015:1623", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html" }, { "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "name": "openSUSE-SU-2015:1622", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921" }, { "name": "[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3" }, { "name": "SUSE-SU-2016:1459", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "name": "SUSE-SU-2016:1457", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "name": "[oss-security] 20150929 CVE request: urlfetch range handling 
flaw in Cyrus", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/29/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-28T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html" }, { "name": "openSUSE-SU-2015:1623", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html" }, { "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "name": "openSUSE-SU-2015:1622", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html" }, { 
"tags": [ "x_refsource_CONFIRM" ], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921" }, { "name": "[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3" }, { "name": "SUSE-SU-2016:1459", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "name": "SUSE-SU-2016:1457", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "name": "[oss-security] 20150929 CVE request: urlfetch range handling flaw in Cyrus", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/29/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-8076", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html", "refsource": "CONFIRM", "url": "https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html" }, { "name": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html", "refsource": "CONFIRM", "url": "https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html" }, { "name": "openSUSE-SU-2015:1623", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html" }, { "name": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html", "refsource": "CONFIRM", "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html" }, { "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "name": "openSUSE-SU-2015:1622", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html" }, { "name": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921", "refsource": "CONFIRM", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921" }, { "name": "[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3" }, { "name": "SUSE-SU-2016:1459", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "name": "SUSE-SU-2016:1457", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "name": "[oss-security] 20150929 CVE request: urlfetch range handling flaw in Cyrus", "refsource": "MLIST", "url": 
"http://www.openwall.com/lists/oss-security/2015/09/29/2" }, { "name": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b", "refsource": "CONFIRM", "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-8076", "datePublished": "2015-12-03T20:00:00", "dateReserved": "2015-11-04T00:00:00", "dateUpdated": "2024-08-06T08:06:31.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-19783 (GCVE-0-2019-19783)
Vulnerability from cvelistv5
Published
2019-12-16 13:06
Modified
2024-08-05 02:25
CWE
- n/a
Summary
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:25:12.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html" }, { "name": "20191219 [SECURITY] [DSA 4590-1] cyrus-imapd security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Dec/38" }, { "name": "DSA-4590", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4590" }, { "name": "FEDORA-2019-7938c21723", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIV4HQ6LG5GPRO4B5Z2NHCZUPBUVVVF/" }, { "name": "FEDORA-2019-ad23a4522d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IGOO5UGEBBDPN7B2YXLK7I7L3Y35EBA/" }, { "name": "GLSA-202006-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202006-23" }, { "name": "USN-4566-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4566-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. 
If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-14T04:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html" }, { "name": "20191219 [SECURITY] [DSA 4590-1] cyrus-imapd security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Dec/38" }, { "name": "DSA-4590", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4590" }, { "name": "FEDORA-2019-7938c21723", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIV4HQ6LG5GPRO4B5Z2NHCZUPBUVVVF/" }, { "name": "FEDORA-2019-ad23a4522d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IGOO5UGEBBDPN7B2YXLK7I7L3Y35EBA/" }, { "name": "GLSA-202006-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202006-23" }, { "name": "USN-4566-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4566-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19783", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html", "refsource": "MISC", "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html" }, { "name": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html", "refsource": "MISC", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html" }, { "name": "20191219 [SECURITY] [DSA 4590-1] cyrus-imapd security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/38" }, { "name": "DSA-4590", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4590" }, { "name": "FEDORA-2019-7938c21723", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIV4HQ6LG5GPRO4B5Z2NHCZUPBUVVVF/" }, { "name": "FEDORA-2019-ad23a4522d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IGOO5UGEBBDPN7B2YXLK7I7L3Y35EBA/" }, { "name": "GLSA-202006-23", "refsource": "GENTOO", "url": 
"https://security.gentoo.org/glsa/202006-23" }, { "name": "USN-4566-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4566-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19783", "datePublished": "2019-12-16T13:06:54", "dateReserved": "2019-12-13T00:00:00", "dateUpdated": "2024-08-05T02:25:12.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32056 (GCVE-0-2021-32056)
Vulnerability from cvelistv5
Published
2021-05-10 13:05
Modified
2024-08-03 23:17
CWE
- n/a
Summary
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:28.496Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html" }, { "name": "FEDORA-2022-c30b1a8aa3", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/" }, { "name": "FEDORA-2022-d45bcc5447", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-20T02:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html" }, { "name": "FEDORA-2022-c30b1a8aa3", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/" }, { "name": "FEDORA-2022-d45bcc5447", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32056", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released", "refsource": "CONFIRM", "url": "https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released" }, { "name": "https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released", "refsource": "CONFIRM", "url": "https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released" }, { "name": "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html", "refsource": "CONFIRM", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html" }, { "name": "https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html", "refsource": "CONFIRM", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html" }, { "name": "FEDORA-2022-c30b1a8aa3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/" }, { "name": "FEDORA-2022-d45bcc5447", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32056", "datePublished": "2021-05-10T13:05:40", "dateReserved": "2021-05-05T00:00:00", "dateUpdated": "2024-08-03T23:17:28.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-14230 (GCVE-0-2017-14230)
Vulnerability from cvelistv5
Published
2017-09-10 07:00
Modified
2024-09-16 16:28
CWE
- n/a
Summary
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:20:41.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-announce/2017-September/000145.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.4.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/cyrusimap/cyrus-imapd/issues/2132" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a \u0027LIST \"\" \"Other Users\"\u0027 command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-10T07:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-announce/2017-September/000145.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.4.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/cyrusimap/cyrus-imapd/issues/2132" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14230", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a \u0027LIST \"\" \"Other Users\"\u0027 command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79", "refsource": "CONFIRM", "url": "https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79" }, { "name": "https://lists.andrew.cmu.edu/pipermail/cyrus-announce/2017-September/000145.html", "refsource": "CONFIRM", "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-announce/2017-September/000145.html" }, { "name": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.4.html", "refsource": "CONFIRM", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.4.html" }, { "name": "https://github.com/cyrusimap/cyrus-imapd/issues/2132", "refsource": "CONFIRM", "url": "https://github.com/cyrusimap/cyrus-imapd/issues/2132" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14230", "datePublished": "2017-09-10T07:00:00Z", "dateReserved": "2017-09-10T00:00:00Z", "dateUpdated": "2024-09-16T16:28:43.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-11356 (GCVE-0-2019-11356)
Vulnerability from cvelistv5
Published
2019-06-03 19:44
Modified
2024-08-04 22:48
CWE
- n/a
Summary
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:48:09.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/index.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/index.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html" }, { "name": "FEDORA-2019-309f559057", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGO43JS7IFDNITHXOOHOP6JHRKRDIYY6/" }, { "name": "FEDORA-2019-f0435555ac", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICSZDC3UGEUZ27VXGGM6OFI67D3KKLZ/" }, { "name": "DSA-4458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4458" }, { "name": "20190609 [SECURITY] [DSA 4458-1] cyrus-imapd security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/9" }, { "name": "RHSA-2019:1771", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1771" }, { "name": "USN-4566-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4566-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", 
"version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-14T04:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/index.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/index.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html" }, { "name": "FEDORA-2019-309f559057", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGO43JS7IFDNITHXOOHOP6JHRKRDIYY6/" }, { "name": "FEDORA-2019-f0435555ac", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICSZDC3UGEUZ27VXGGM6OFI67D3KKLZ/" }, { "name": "DSA-4458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4458" }, { "name": "20190609 [SECURITY] [DSA 4458-1] cyrus-imapd security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/9" }, { "name": "RHSA-2019:1771", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1771" }, { "name": "USN-4566-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" 
], "url": "https://usn.ubuntu.com/4566-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11356", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cyrusimap.org/imap/download/release-notes/2.5/index.html", "refsource": "MISC", "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/index.html" }, { "name": "https://www.cyrusimap.org/imap/download/release-notes/3.0/index.html", "refsource": "MISC", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/index.html" }, { "name": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html", "refsource": "MISC", "url": "https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html" }, { "name": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html", "refsource": "MISC", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html" }, { "name": "FEDORA-2019-309f559057", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGO43JS7IFDNITHXOOHOP6JHRKRDIYY6/" }, { "name": "FEDORA-2019-f0435555ac", "refsource": "FEDORA", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PICSZDC3UGEUZ27VXGGM6OFI67D3KKLZ/" }, { "name": "DSA-4458", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4458" }, { "name": "20190609 [SECURITY] [DSA 4458-1] cyrus-imapd security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/9" }, { "name": "RHSA-2019:1771", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1771" }, { "name": "USN-4566-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4566-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11356", "datePublished": "2019-06-03T19:44:30", "dateReserved": "2019-04-19T00:00:00", "dateUpdated": "2024-08-04T22:48:09.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8077 (GCVE-0-2015-8077)
Vulnerability from cvelistv5
Published
2015-12-03 20:00
Modified
2024-08-06 08:06
CWE
- n/a
Summary
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:06:31.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[Cyrus-devel] 20151005 Recent security fixes", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html" }, { "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "name": "[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3" }, { "name": "openSUSE-SU-2015:2130", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08" }, { "name": "SUSE-SU-2016:1459", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "name": "1034282", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034282" }, { "name": "SUSE-SU-2016:1457", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "name": "openSUSE-SU-2015:2200", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2015-12/msg00015.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-13T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[Cyrus-devel] 20151005 Recent security fixes", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html" }, { "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" }, { "name": "[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3" }, { "name": "openSUSE-SU-2015:2130", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08" }, { "name": "SUSE-SU-2016:1459", "tags": [ "vendor-advisory", "x_refsource_SUSE" 
], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "name": "1034282", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034282" }, { "name": "SUSE-SU-2016:1457", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "name": "openSUSE-SU-2015:2200", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00015.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-8077", "datePublished": "2015-12-03T20:00:00", "dateReserved": "2015-11-04T00:00:00", "dateUpdated": "2024-08-06T08:06:31.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }