CVE-2021-3578 log

Severity Medium
Remote Yes
Type Arbitrary code execution
A security issue was found in mbsync before version 1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
Group Package Affected Fixed Severity Status Ticket
AVG-2042 isync 1.4.1-1 1.4.2-1 Medium Fixed
Date Advisory Group Package Severity Type
09 Jun 2021 ASA-202106-27 AVG-2042 isync Medium arbitrary code execution