Date: Fri, 3 Dec 2021 12:31:14 +0100
From: Oswald Buddenhagen <oswald.buddenhagen@....de>
To: isync-devel@...ts.sourceforge.net
Cc: oss-security@...ts.openwall.com
Subject: CVE-2021-44143: heap overflow in isync/mbsync

description:

A flaw was found in mbsync versions 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.

mitigation:

upgrade to the freshly released v1.4.4 available from https://sourceforge.net/projects/isync/files/isync/ , or apply the attached patch.

View attachment "CVE-2021-44143-buffer-overflow-on-invalid-1.4.patch" of type "text/x-diff" (2692 bytes)