CVE-2015-2181

NameCVE-2015-2181
DescriptionMultiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
roundcube (PTS)stretch1.2.3+dfsg.1-4+deb9u6fixed
stretch (security)1.2.3+dfsg.1-4+deb9u10fixed
buster, buster (security)1.3.17+dfsg.1-1~deb10u2fixed
bullseye (security), bullseye1.4.13+dfsg.1-1~deb11u1fixed
sid1.5.1+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
roundcubesourcewheezy(not affected)
roundcubesource(unstable)1.1.1+dfsg.1-2

Notes

[wheezy] - roundcube <not-affected> (variable and chgdbmailusers.c does not exist)
http://trac.roundcube.net/ticket/1490261
http://advisories.mageia.org/MGASA-2015-0400.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html

Search for package or bug name: Reporting problems