isync

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description IMAP and MailDir mailbox synchronizer
Version 1.4.4-4 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2579 1.4.3-1 1.4.4-1 Medium Fixed
AVG-2042 1.4.1-1 1.4.2-1 Medium Fixed
AVG-1598 1.3.3-1 1.3.5-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-44143 AVG-2579 Medium Yes Arbitrary code execution
A security issue was found in mbsync in isync 1.4.0 before version 1.4.4. Due to an unchecked condition, a malicious or compromised IMAP server could use a...
CVE-2021-20247 AVG-1598 High Yes Directory traversal
A security issue was found in isync/mbsync before versions 1.3.5 and 1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur,...
CVE-2021-3657 AVG-2579 Medium Yes Arbitrary code execution
A security issue was found in mbsync in isync versions before 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or...
CVE-2021-3578 AVG-2042 Medium Yes Arbitrary code execution
A security issue was found in mbsync before version 1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary...

Advisories

Date Advisory Group Severity Type
03 Dec 2021 ASA-202112-5 AVG-2579 Medium arbitrary code execution
09 Jun 2021 ASA-202106-27 AVG-2042 Medium arbitrary code execution
27 Feb 2021 ASA-202102-38 AVG-1598 High directory traversal