CVE-2021-3657
CVE-2021-3657 affects mbsync (isync) versions before 1.4.4. The vulnerability stems from inadequate handling of extremely large IMAP literals (≥2 GiB), allowing a malicious or compromised IMAP server, and potentially external senders, to trigger buffer overflows that could be exploited for remote...
CVE-2021-3578
CVE-2021-3578 affects isync/mbsync before versions 1.3.6 and 1.4.2. The root cause is an unchecked pointer cast that lets a malicious or compromised IMAP server write an arbitrary integer past the end of a heap-allocated structure via an unexpected APPENDUID response, potentially enabling remote ...