4 matches found
CVE-2021-3657
CVE-2021-3657 affects mbsync (isync) versions before 1.4.4. The vulnerability stems from inadequate handling of extremely large IMAP literals (≥2 GiB), allowing a malicious or compromised IMAP server, and potentially external senders, to trigger buffer overflows that could be exploited for remote...
CVE-2021-3578
CVE-2021-3578 affects isync/mbsync before versions 1.3.6 and 1.4.2. The root cause is an unchecked pointer cast that lets a malicious or compromised IMAP server write an arbitrary integer past the end of a heap-allocated structure via an unexpected APPENDUID response, potentially enabling remote ...
CVE-2021-44143
CVE-2021-44143 affects isync (mbsync) versions prior to 1.4.4 (1.4.0–1.4.3). An unchecked condition when processing a crafted IMAP message that lacks headers (that is, one that starts with an empty line) can cause a heap overflow, potentially enabling remote code execution on the client. Remediation: upg...
CVE-2013-0289
Isync 0.4 before 1.0.6 fails to verify the server hostname against the CN/SubjectAltName in the X.509 certificate, enabling MITM spoofing with any valid cert. Affected software: isync prior to 1.0.6. Impact per sources: potential disclosure of passwords and other sensitive data. Mitigation: upgra...