{"id":"UBUNTU-CVE-2015-8076","details":"The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.","modified":"2025-07-16T07:33:29.756571Z","published":"2015-12-03T20:59:00Z","withdrawn":"2025-07-18T16:43:18Z","upstream":["CVE-2015-8076"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8076"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2015/09/29/2"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-8076"}],"affected":[{"package":{"name":"cyrus-imapd-2.4","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/cyrus-imapd-2.4@2.4.17+nocaldav-2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.17+nocaldav-2"}]}],"versions":["2.4.17+caldav~beta10-18"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"cyrus-admin","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-admin-2.4","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-clients","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-clients-2.4","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-common","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-common-2.4","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-common-dbgsym","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-dev","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-dev-2.4","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-doc","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-doc-2.4","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-imapd","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-imapd-2.4","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-imapd-dbgsym","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-murder","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-murder-2.4","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-murder-dbgsym","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-nntpd","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-nntpd-2.4","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-nntpd-dbgsym","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-pop3d","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-pop3d-2.4","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-pop3d-dbgsym","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-replication","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-replication-2.4","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"cyrus-replication-dbgsym","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"libcyrus-imap-perl","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"libcyrus-imap-perl-dbgsym","binary_version":"2.4.17+nocaldav-2"},{"binary_name":"libcyrus-imap-perl24","binary_version":"2.4.17+nocaldav-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-8076.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}