Buffer overflow in Roundcube - CVE-2015-2181

 


Published: January 31, 2017 / Updated: August 3, 2020


Vulnerability identifier: #VU33075
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2015-2181
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Roundcube
Affected software: Roundcube

Detailed vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.


How to mitigate CVE-2015-2181

Install the update from the vendor's website.
