CVE-2015-2181

HIGH

Roundcube Webmail < 1.1.0 - Buffer Overflow via Password or Username

Title source: llm
STIX 2.1

Description

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96391
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/roundcube/roundcubemail/issues/4757

Scores

CVSS v3 8.8
EPSS 0.0287
EPSS Percentile 85.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
roundcube/webmail < 1.1.0
Published Jan 30, 2017
Tracked Since Feb 18, 2026