oss-sec mailing list archives
CVE-2021-44143: heap overflow in isync/mbsync
From: Oswald Buddenhagen <oswald.buddenhagen () gmx de>
Date: Fri, 3 Dec 2021 12:31:14 +0100
description: A flaw was found in mbsync versions 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution. mitigation:upgrade to the freshly released v1.4.4 available from https://sourceforge.net/projects/isync/files/isync/ , or apply the attached patch.
Attachment:
CVE-2021-44143-buffer-overflow-on-invalid-1.4.patch
Description:
Current thread:
- CVE-2021-44143: heap overflow in isync/mbsync Oswald Buddenhagen (Dec 03)