CVE-2021-3578
Gentoo Linux Security Advisory 202208-15
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
Se ha encontrado un fallo en mbsync versiones anteriores a v1.3.6 y v1.4.2, en el que un reparto de punteros no comprobado permite a un servidor malicioso o comprometido escribir un valor entero arbitrario más allá del final de una estructura asignada a la pila emitiendo una respuesta APPENDUID no esperada. Esto podría ser explotado de forma plausible para una ejecución de código remota en el cliente
Multiple vulnerabilities have been discovered in isync, the worst of which could result in arbitrary code execution. Versions less than 1.4.4 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-03 CVE Reserved
- 2022-02-16 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-704: Incorrect Type Conversion or Cast
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1961710 | Not Applicable | |
| https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug | Not Applicable | |
| https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/06/07/1 | 2023-11-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1967397 | 2023-11-07 | |
| https://www.openwall.com/lists/oss-security/2021/06/07/1 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Isync Project Search vendor "Isync Project" | Isync Search vendor "Isync Project" for product "Isync" | < 1.3.6 Search vendor "Isync Project" for product "Isync" and version " < 1.3.6" | - |
Affected
| ||||||
| Isync Project Search vendor "Isync Project" | Isync Search vendor "Isync Project" for product "Isync" | 1.4.0 Search vendor "Isync Project" for product "Isync" and version "1.4.0" | - |
Affected
| ||||||
| Isync Project Search vendor "Isync Project" | Isync Search vendor "Isync Project" for product "Isync" | 1.4.1 Search vendor "Isync Project" for product "Isync" and version "1.4.1" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||