CVE-2015-8076 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-8076 Interim 1 17 2024-07-27T01:11:56Z current 2021-05-30T13:34:51Z 2024-07-27T01:11:56Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-8076 The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2016-May/002085.html E-Mail link for SUSE-SU-2016:1457-1 https://lists.suse.com/pipermail/sle-security-updates/2016-June/002087.html E-Mail link for SUSE-SU-2016:1459-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 cyrus-imapd cyrus-imapd-2.3.11-60.65.67.1 cyrus-imapd-devel-2.3.11-60.65.67.1 perl-Cyrus-IMAP-2.3.11-60.65.67.1 perl-Cyrus-IMAP-2.3.18-37.1 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 cyrus-imapd-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA perl-Cyrus-IMAP-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA cyrus-imapd-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA perl-Cyrus-IMAP-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA cyrus-imapd-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-Cyrus-IMAP-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-Cyrus-IMAP-2.3.18-37.1 as a component of SUSE Linux Enterprise Server 12 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 as a component of SUSE Linux Enterprise Server 12 perl-Cyrus-IMAP-2.3.18-37.1 as a component of SUSE Linux Enterprise Server 12 SP1 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 as a component of SUSE Linux Enterprise Server 12 SP1 cyrus-imapd-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-Cyrus-IMAP-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-Cyrus-IMAP-2.3.18-37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 perl-Cyrus-IMAP-2.3.18-37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 cyrus-imapd-devel-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 perl-Cyrus-IMAP-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 cyrus-imapd as a component of SUSE Linux Enterprise Server 11 SP4 LTSS The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read. CVE-2015-8076 SUSE Linux Enterprise Server 11 SP1-TERADATA:cyrus-imapd-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:perl-Cyrus-IMAP-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:cyrus-imapd-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:perl-Cyrus-IMAP-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP4:cyrus-imapd-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP4:perl-Cyrus-IMAP-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 11 SP4:perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 SUSE Linux Enterprise Server 12:perl-Cyrus-IMAP-2.3.18-37.1 SUSE Linux Enterprise Server 12:perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 SUSE Linux Enterprise Server 12 SP1:perl-Cyrus-IMAP-2.3.18-37.1 SUSE Linux Enterprise Server 12 SP1:perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:cyrus-imapd-2.3.11-60.65.67.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-Cyrus-IMAP-2.3.11-60.65.67.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 SUSE Linux Enterprise Server for SAP Applications 12:perl-Cyrus-IMAP-2.3.18-37.1 SUSE Linux Enterprise Server for SAP Applications 12:perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:perl-Cyrus-IMAP-2.3.18-37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 SUSE Linux Enterprise Software Development Kit 11 SP4:cyrus-imapd-devel-2.3.11-60.65.67.1 SUSE Linux Enterprise Software Development Kit 11 SP4:perl-Cyrus-IMAP-2.3.11-60.65.67.1 SUSE Linux Enterprise Software Development Kit 11 SP4:perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P