CVE-2015-2181
Published: 30 January 2017
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.
Priority
Status
Package | Release | Status |
---|---|---|
roundcube Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
|
bionic |
Not vulnerable
(1.3.6+dfsg.1-1)
|
|
cosmic |
Not vulnerable
(1.3.6+dfsg.1-1)
|
|
disco |
Not vulnerable
(1.3.6+dfsg.1-1)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(1.1.1+dfsg.1-2)
|
|
wily |
Not vulnerable
(1.1.1+dfsg.1-2)
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
zesty |
Not vulnerable
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |