The index_urlfetch function in index.c in Cyrus IMAP 2.3.x prior to 2.3.19, 2.4.x prior to 2.4.18, 2.5.x prior to 2.5.4 allows remote malicious users to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
opensuse opensuse 13.2 |
||
opensuse leap 42.1 |
||
cyrus imap 2.3.0 |
||
cyrus imap 2.3.1 |
||
cyrus imap 2.3.8 |
||
cyrus imap 2.3.9 |
||
cyrus imap 2.3.16 |
||
cyrus imap 2.3.17 |
||
cyrus imap 2.4.6 |
||
cyrus imap 2.4.7 |
||
cyrus imap 2.4.14 |
||
cyrus imap 2.4.15 |
||
cyrus imap 2.3.6 |
||
cyrus imap 2.3.7 |
||
cyrus imap 2.3.14 |
||
cyrus imap 2.3.15 |
||
cyrus imap 2.4.4 |
||
cyrus imap 2.4.5 |
||
cyrus imap 2.4.12 |
||
cyrus imap 2.4.13 |
||
cyrus imap 2.5.2 |
||
cyrus imap 2.5.3 |
||
cyrus imap 2.3.4 |
||
cyrus imap 2.3.5 |
||
cyrus imap 2.3.12 |
||
cyrus imap 2.3.13 |
||
cyrus imap 2.4.1 |
||
cyrus imap 2.4.2 |
||
cyrus imap 2.4.3 |
||
cyrus imap 2.4.10 |
||
cyrus imap 2.4.11 |
||
cyrus imap 2.5.0 |
||
cyrus imap 2.5.1 |
||
cyrus imap 2.3.2 |
||
cyrus imap 2.3.3 |
||
cyrus imap 2.3.10 |
||
cyrus imap 2.3.11 |
||
cyrus imap 2.3.18 |
||
cyrus imap 2.4.0 |
||
cyrus imap 2.4.8 |
||
cyrus imap 2.4.9 |
||
cyrus imap 2.4.16 |
||
cyrus imap 2.4.17 |
Vulmon