---

CVE-2021-44143 - log back

CVE-2021-44143 edited at 03 Dec 2021 11:45:12
References	https://www.openwall.com/lists/oss-security/2021/12/03/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804 https://www.openwall.com/lists/oss-security/2021/12/03/2/1 - https://sourceforge.net/p/isync/isync/ci/127003ee37e3eb6d914782be43097338baa32d2b/ + https://sourceforge.net/p/isync/isync/ci/87065c12b477ee7239dd907f352dda5289c0c919/

CVE-2021-44143 edited at 03 Dec 2021 11:44:43
References	https://www.openwall.com/lists/oss-security/2021/12/03/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804 https://www.openwall.com/lists/oss-security/2021/12/03/2/1 + https://sourceforge.net/p/isync/isync/ci/127003ee37e3eb6d914782be43097338baa32d2b/

CVE-2021-44143 edited at 03 Dec 2021 11:35:47
References	https://www.openwall.com/lists/oss-security/2021/12/03/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804 + https://www.openwall.com/lists/oss-security/2021/12/03/2/1

CVE-2021-44143 edited at 03 Dec 2021 11:35:29
References	+ https://www.openwall.com/lists/oss-security/2021/12/03/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804 - https://sourceforge.net/projects/isync/files/isync/1.4.4/

CVE-2021-44143 edited at 03 Dec 2021 11:31:39
Description	- A security issue was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution. + A security issue was found in mbsync in isync 1.4.0 before version 1.4.4. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
References	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804 + https://sourceforge.net/projects/isync/files/isync/1.4.4/

CVE-2021-44143 edited at 22 Nov 2021 21:40:55
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution
Description	+ A security issue was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
References	+ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804
Notes

CVE-2021-44143 created at 22 Nov 2021 21:38:33