A flaw was found in mbsync versions before 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
isync project isync |
||
fedoraproject fedora 35 |
||
redhat enterprise linux 7.0 |
||
debian debian linux 9.0 |