{"id":"UBUNTU-CVE-2015-8078","details":"Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.","modified":"2025-10-24T04:45:29Z","published":"2015-12-03T20:59:00Z","upstream":["CVE-2015-8078"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8078"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-8078"}],"affected":[{"package":{"name":"cyrus-imapd-2.4","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/cyrus-imapd-2.4@2.4.18-3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.17+caldav~beta10-18","2.4.17+nocaldav-2","2.4.18-3"],"ecosystem_specific":{"binaries":[{"binary_version":"2.4.18-3","binary_name":"cyrus-admin"},{"binary_version":"2.4.18-3","binary_name":"cyrus-admin-2.4"},{"binary_version":"2.4.18-3","binary_name":"cyrus-clients"},{"binary_version":"2.4.18-3","binary_name":"cyrus-clients-2.4"},{"binary_version":"2.4.18-3","binary_name":"cyrus-common"},{"binary_version":"2.4.18-3","binary_name":"cyrus-common-2.4"},{"binary_version":"2.4.18-3","binary_name":"cyrus-dev"},{"binary_version":"2.4.18-3","binary_name":"cyrus-dev-2.4"},{"binary_version":"2.4.18-3","binary_name":"cyrus-doc-2.4"},{"binary_version":"2.4.18-3","binary_name":"cyrus-imapd"},{"binary_version":"2.4.18-3","binary_name":"cyrus-imapd-2.4"},{"binary_version":"2.4.18-3","binary_name":"cyrus-murder"},{"binary_version":"2.4.18-3","binary_name":"cyrus-murder-2.4"},{"binary_version":"2.4.18-3","binary_name":"cyrus-nntpd"},{"binary_version":"2.4.18-3","binary_name":"cyrus-nntpd-2.4"},{"binary_version":"2.4.18-3","binary_name":"cyrus-pop3d"},{"binary_version":"2.4.18-3","binary_name":"cyrus-pop3d-2.4"},{"binary_version":"2.4.18-3","binary_name":"cyrus-replication"},{"binary_version":"2.4.18-3","binary_name":"cyrus-replication-2.4"},{"binary_version":"2.4.18-3","binary_name":"libcyrus-imap-perl"},{"binary_version":"2.4.18-3","binary_name":"libcyrus-imap-perl24"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-8078.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}