isync Project isync 1.4.1

CPE Details

isync Project isync 1.4.1
isync_project
isync
1.4.1
2021-11-26
14h44 +00:00
2021-11-30
20h29 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:isync_project:isync:1.4.1:*:*:*:*:*:*:*

Informations

Vendor

isync_project

Product

isync

Version

1.4.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-3657 2022-02-18 16h50 +00:00 A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
9.8
Critical
CVE-2021-3578 2022-02-16 17h35 +00:00 A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
7.8
High
CVE-2021-44143 2021-11-22 18h29 +00:00 A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
9.8
Critical