CVE-2015-8078 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-8078 Interim 1 23 2025-11-05T04:41:09Z current 2021-05-30T13:34:52Z 2025-11-05T04:41:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-8078 Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2016-May/002085.html E-Mail link for SUSE-SU-2016:1457-1 https://lists.suse.com/pipermail/sle-security-updates/2016-June/002087.html E-Mail link for SUSE-SU-2016:1459-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 openSUSE Tumbleweed cyradm-2.4.18-3.4 cyrus-imapd cyrus-imapd-2.3.11-60.65.67.1 cyrus-imapd-2.4.18-3.4 cyrus-imapd-devel-2.3.11-60.65.67.1 cyrus-imapd-devel-2.4.18-3.4 cyrus-imapd-snmp-2.4.18-3.4 cyrus-imapd-snmp-mibs-2.4.18-3.4 cyrus-imapd-utils-2.4.18-3.4 perl-Cyrus-IMAP-2.3.11-60.65.67.1 perl-Cyrus-IMAP-2.3.18-37.1 perl-Cyrus-IMAP-2.4.18-3.4 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 perl-Cyrus-SIEVE-managesieve-2.4.18-3.4 cyrus-imapd-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA perl-Cyrus-IMAP-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA cyrus-imapd-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA perl-Cyrus-IMAP-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA cyrus-imapd-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-Cyrus-IMAP-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-Cyrus-IMAP-2.3.18-37.1 as a component of SUSE Linux Enterprise Server 12 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 as a component of SUSE Linux Enterprise Server 12 perl-Cyrus-IMAP-2.3.18-37.1 as a component of SUSE Linux Enterprise Server 12 SP1 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 as a component of SUSE Linux Enterprise Server 12 SP1 cyrus-imapd-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-Cyrus-IMAP-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-Cyrus-IMAP-2.3.18-37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 perl-Cyrus-IMAP-2.3.18-37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 cyrus-imapd-devel-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 perl-Cyrus-IMAP-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 cyradm-2.4.18-3.4 as a component of openSUSE Tumbleweed cyrus-imapd-2.4.18-3.4 as a component of openSUSE Tumbleweed cyrus-imapd-devel-2.4.18-3.4 as a component of openSUSE Tumbleweed cyrus-imapd-snmp-2.4.18-3.4 as a component of openSUSE Tumbleweed cyrus-imapd-snmp-mibs-2.4.18-3.4 as a component of openSUSE Tumbleweed cyrus-imapd-utils-2.4.18-3.4 as a component of openSUSE Tumbleweed perl-Cyrus-IMAP-2.4.18-3.4 as a component of openSUSE Tumbleweed perl-Cyrus-SIEVE-managesieve-2.4.18-3.4 as a component of openSUSE Tumbleweed cyrus-imapd as a component of SUSE Linux Enterprise Server 11 SP4 LTSS Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. CVE-2015-8078 SUSE Linux Enterprise Server 11 SP1-TERADATA:cyrus-imapd-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:perl-Cyrus-IMAP-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:cyrus-imapd-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:perl-Cyrus-IMAP-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP4:cyrus-imapd-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP4:perl-Cyrus-IMAP-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP4:perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 12:perl-Cyrus-IMAP-2.3.18-37.1 SUSE Linux Enterprise Server 12:perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 SUSE Linux Enterprise Server 12 SP1:perl-Cyrus-IMAP-2.3.18-37.1 SUSE Linux Enterprise Server 12 SP1:perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:cyrus-imapd-2.3.11-60.65.67.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-Cyrus-IMAP-2.3.11-60.65.67.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 SUSE Linux Enterprise Server for SAP Applications 12:perl-Cyrus-IMAP-2.3.18-37.1 SUSE Linux Enterprise Server for SAP Applications 12:perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:perl-Cyrus-IMAP-2.3.18-37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 SUSE Linux Enterprise Software Development Kit 11 SP4:cyrus-imapd-devel-2.3.11-60.65.67.1 SUSE Linux Enterprise Software Development Kit 11 SP4:perl-Cyrus-IMAP-2.3.11-60.65.67.1 SUSE Linux Enterprise Software Development Kit 11 SP4:perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 openSUSE Tumbleweed:cyradm-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4 openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4 openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P