CVE-2015-2181 - Buffer Errors vulnerability in Roundcube Webmail

Publication

2017-01-30

Last modification

2018-05-02

Summary

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:L/Au:S/C:P/I:P/A:P)

Medium

6.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Roundcube Webmail  0.9.4 , 1.0.2 , 0.8.2 , 0.7.2 , 0.2.2 , 0.5 , 0.5.3 , 0.3 , 0.8.0 , 1.0.1 , 1.0.5 , 1.0 , 1.0.11 , 0.9.5 , 1.0.12 , 0.8.7 , 1.0.0 , 1.0.9 , 0.4.1 , 0.9.0 , 1.0.3 , 1.0.6 , 0.3.1 , 1.0.7 , 0.4 , 0.2 , 0.2.1 , 0.7.1 , 0.8.1 , 1.0.4 , 0.5.1 , 0.8.4 , 1.1 , 0.6 , 0.8.3 , 0.5.4 , 0.9 , 1.0.8 , 0.4.2 , 0.7.3 , 0.7.4 , 0.1 , 0.8.5 , 0.9.2 , 0.9.1 , 0.8.6 , 0.5.2 , 1.0.10 , 0.9.3 , 0.1.1 , 0.7

Related CVE