CVE-2021-3657
- EPSS 6.84%
- Veröffentlicht 18.02.2022 18:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:05
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer over...
CVE-2021-3578
- EPSS 2.87%
- Veröffentlicht 16.02.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:21:53
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. ...
CVE-2021-44143
- EPSS 7.83%
- Veröffentlicht 22.11.2021 20:15:18
- Zuletzt bearbeitet 21.11.2024 06:30:25
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, ...
CVE-2013-0289
- EPSS 0.48%
- Veröffentlicht 23.05.2014 14:55:08
- Zuletzt bearbeitet 12.04.2025 10:46:40
Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary ...