CVE-2021-3657

Name
CVE-2021-3657
Description
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://www.openwall.com/lists/oss-security/2021/12/03/1
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2028932

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:isync_project:isync:*:*:*:*:*:*:*:* isync >= None < 1.4.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
isync 3.15-community 1.4.4-r0 Stuart Cardall <developer@it-offshore.co.uk> fixed
isync 3.16-community 1.4.4-r0 Stuart Cardall <developer@it-offshore.co.uk> fixed