Описание
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| devel | needed | |
| esm-apps/bionic | not-affected | |
| esm-apps/focal | not-affected | |
| esm-apps/jammy | needed | |
| esm-apps/noble | needed | |
| esm-apps/xenial | needs-triage | |
| focal | not-affected | |
| hirsute | not-affected | |
| impish | not-affected |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unc ...
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3