Integer Overflow in index_urlfetch function in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6

Integer Overflow in index_urlfetch function in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6

CVE-2015-8077 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

Learn more about our Web Application Penetration Testing UK.