CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0CVE-2021-3657 – Gentoo Linux Security Advisory 202208-15
https://notcve.org/view.php?id=CVE-2021-3657
18 Feb 2022 — A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. Se ha encontrado un fallo en mbsync versiones anteriores a 1.4.4. Debido al manejo inapropiado de literales IMAP extremadamente grandes ()=2GiB), los servidores IMAP maliciosos o comprometido... • https://bugzilla.redhat.com/show_bug.cgi?id=2028932 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3578 – Gentoo Linux Security Advisory 202208-15
https://notcve.org/view.php?id=CVE-2021-3578
16 Feb 2022 — A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client. Se ha encontrado un fallo en mbsync versiones anteriores a v1.3.6 y v1.4.2, en el que un reparto de punteros no comprobado permite a un servidor malicioso o comprometido escribir un valor... • http://www.openwall.com/lists/oss-security/2021/06/07/1 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 0CVE-2021-44143 – Gentoo Linux Security Advisory 202208-15
https://notcve.org/view.php?id=CVE-2021-44143
22 Nov 2021 — A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution. Se ha encontrado un fallo en mbsync en isync versiones 1.4.0 hasta 1.4.3. Debido a una condición no comprobada, un servidor IMAP malicioso o comprometido podría usar un mensaje de correo diseñado qu... • http://www.openwall.com/lists/oss-security/2021/12/03/2 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2013-0289 – Gentoo Linux Security Advisory 201310-02
https://notcve.org/view.php?id=CVE-2013-0289
07 Oct 2013 — Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Isync 0.4 anterior a 1.0.6, no verifica que el nombre del servidor coincide con un nombre de dominio en el nombre común (CN) o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SS... • http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099544.html • CWE-310: Cryptographic Issues •