CVE-2021-44143 - log back

CVE-2021-44143 edited at 03 Dec 2021 11:45:12
References
https://www.openwall.com/lists/oss-security/2021/12/03/2
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804
https://www.openwall.com/lists/oss-security/2021/12/03/2/1
- https://sourceforge.net/p/isync/isync/ci/127003ee37e3eb6d914782be43097338baa32d2b/
+ https://sourceforge.net/p/isync/isync/ci/87065c12b477ee7239dd907f352dda5289c0c919/
CVE-2021-44143 edited at 03 Dec 2021 11:44:43
References
https://www.openwall.com/lists/oss-security/2021/12/03/2
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804
https://www.openwall.com/lists/oss-security/2021/12/03/2/1
+ https://sourceforge.net/p/isync/isync/ci/127003ee37e3eb6d914782be43097338baa32d2b/
CVE-2021-44143 edited at 03 Dec 2021 11:35:47
References
https://www.openwall.com/lists/oss-security/2021/12/03/2
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804
+ https://www.openwall.com/lists/oss-security/2021/12/03/2/1
CVE-2021-44143 edited at 03 Dec 2021 11:35:29
References
+ https://www.openwall.com/lists/oss-security/2021/12/03/2
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804
- https://sourceforge.net/projects/isync/files/isync/1.4.4/
CVE-2021-44143 edited at 03 Dec 2021 11:31:39
Description
- A security issue was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
+ A security issue was found in mbsync in isync 1.4.0 before version 1.4.4. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804
+ https://sourceforge.net/projects/isync/files/isync/1.4.4/
CVE-2021-44143 edited at 22 Nov 2021 21:40:55
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A security issue was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
References
+ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804
Notes
CVE-2021-44143 created at 22 Nov 2021 21:38:33