CVE-2021-3657 - log

CVE-2021-3657 edited at 03 Dec 2021 11:50:29
Description
- A security issue was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
+ A security issue was found in mbsync in isync versions before 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
CVE-2021-3657 edited at 03 Dec 2021 11:43:51
References
https://www.openwall.com/lists/oss-security/2021/12/03/1
https://www.openwall.com/lists/oss-security/2021/12/03/1/1
+ https://sourceforge.net/p/isync/isync/ci/463272eab866a36162fe51813327ca7af2f37ca0/
+ https://sourceforge.net/p/isync/isync/ci/ba13362a52d8749731ba645e5e50e47862a5b91d/
+ https://sourceforge.net/p/isync/isync/ci/bc15e571b650270b87e9758916f93eab04992cef/
+ https://sourceforge.net/p/isync/isync/ci/bc15e571b650270b87e9758916f93eab04992cef/
+ https://sourceforge.net/p/isync/isync/ci/127003ee37e3eb6d914782be43097338baa32d2b/
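Review bot: the added references list the commit URL ending in bc15e571b650270b87e9758916f93eab04992cef twice on consecutive lines, so this edit records five links but only four distinct commits. Drop the repeated entry, or, if a different fix commit was meant in its place, replace it with that commit's URL so the reference list covers every patch for the issue.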
CVE-2021-3657 edited at 03 Dec 2021 11:30:58
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A security issue was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
References
+ https://www.openwall.com/lists/oss-security/2021/12/03/1
+ https://www.openwall.com/lists/oss-security/2021/12/03/1/1
CVE-2021-3657 created at 03 Dec 2021 11:29:05
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes