Lucene search

K

MitreCVELIST:CVE-2021-44143

HistoryNov 22, 2021 - 7:29 p.m.

CVE-2021-44143

2021-11-2219:29:29

mitre

www.cve.org

6

mbsync

isync

remote code execution

AI Score

9.8

Confidence

High

EPSS

0.085

Percentile

94.5%

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.

References

www.openwall.com/lists/oss-security/2021/12/03/2

bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/

security.gentoo.org/glsa/202208-15

sourceforge.net/p/isync/isync/commit_browser

sourceforge.net/p/isync/isync/ref/master/tags/

AI Score

9.8

Confidence

High

EPSS

0.085

Percentile

94.5%

Related for CVELIST:CVE-2021-44143

prion1 alpinelinux1 veracode1 debiancve1 ubuntucve1 nvd1 cve1 archlinux1 openvas2 fedora2 nessus1 gentoo1