Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-44143

Опубликовано: 22 нояб. 2021
Источник: debian
EPSS Низкий

Описание

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
isyncfixed1.4.4-1package
isyncnot-affectedbullseyepackage
isyncnot-affectedbusterpackage
isyncnot-affectedstretchpackage

Примечания

  • https://www.openwall.com/lists/oss-security/2021/12/03/2

EPSS

Процентиль: 92%
0.07783
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-44143

CVSS3: 9.8
ubuntu
около 4 лет назад

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.

nvd логотип

CVE-2021-44143

CVSS3: 9.8
nvd
около 4 лет назад

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.

github логотип

GHSA-2h85-c54w-28vc

CVSS3: 9.8
github
около 4 лет назад

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.

EPSS

Процентиль: 92%
0.07783
Низкий