CVE-2021-3578 - log

CVE-2021-3578 edited at 07 Jun 2021 14:58:16
References
- https://www.openwall.com/lists/oss-security/2021/06/07/1
+ https://sourceforge.net/p/isync/mailman/message/37297759/
https://sourceforge.net/p/isync/isync/ci/589d2ed4283130108df5495b5510d822282e1300/
CVE-2021-3578 edited at 07 Jun 2021 14:56:56
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A security issue was found in mbsync before version 1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
References
+ https://www.openwall.com/lists/oss-security/2021/06/07/1
+ https://sourceforge.net/p/isync/isync/ci/589d2ed4283130108df5495b5510d822282e1300/
Notes
CVE-2021-3578 created at 07 Jun 2021 14:55:18