CVE-2021-3578 — Vulnetix

CVE-2021-3578 PUBLISHED CVSS 7.800000190734863 HIGH

A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.

EPSS 0.86% · 75.3th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.86%

75.3th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	9.0
isync_project	isync	1.4.0, 1.4.1, 0
fedoraproject	fedora	33, 34
n/a	isync	isync 1.3.6, isync 1.4.2

Timeline

Aug 20, 2021 CVE Published
Feb 16, 2022 PoC Published
Feb 17, 2022 EPSS Score
Feb 19, 2022 EPSS Score
Jun 1, 2022 EPSS Score
Jul 24, 2022 EPSS Score
Sep 14, 2022 EPSS Score
Nov 5, 2022 EPSS Score
Feb 17, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Jun 2, 2023 EPSS Score
Jul 24, 2023 EPSS Score

References

[oss-security] 20210607 CVE-2021-3578: possible remote code execution in isync/mbsync mailing-list
FEDORA-2021-f236f9f01a vendor-advisory
FEDORA-2021-754af4d52b vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1961710 url
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/ url
https://bugzilla.redhat.com/show_bug.cgi?id=1967397 url
https://www.openwall.com/lists/oss-security/2021/06/07/1 url
[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update mailing-list
GLSA-202208-15 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-3578 advisory
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPIDLIJKNRJHUVBCL7QGAPAAVPIHQGXK url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U75UFEWRAZYKVL5NHMPBUOLWN3WXTOEI url

Open in Interactive Console →