CVE-2015-8076 Information
Description
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, and 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
Reference
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00037.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00038.html
http://www.openwall.com/lists/oss-security/2015/09/29/2 [oss-security] 20150929 CVE request: urlfetch range handling flaw in Cyrus
http://www.openwall.com/lists/oss-security/2015/09/30/3 [oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP
http://www.openwall.com/lists/oss-security/2015/11/04/3 [oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP
https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
https://docs.cyrus.foundation/imap/release-notes/2.3/x/2.3.19.html
https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html
https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.4.html