VDB
CVE-2021-44143
CVE-2021-44143
PUBLISHED
Reported by mitre · Published November 22, 2021
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| alpine | isync | 0, 0, 0 |
| n/a | n/a | n/a |
Timeline
- Nov 22, 2021 CVE Published
- Nov 23, 2021 EPSS Score
- Jan 17, 2022 EPSS Score
- Mar 13, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 1, 2022 EPSS Score
- Oct 20, 2022 EPSS Score
- Feb 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 28, 2023 EPSS Score
- Jul 22, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
References
- x_refsource_MISC
- x_refsource_MISC
- x_refsource_MISC
- [oss-security] 20211203 CVE-2021-44143: heap overflow in isync/mbsync mailing-listx_refsource_MLIST
- FEDORA-2021-577129851b vendor-advisoryx_refsource_FEDORA
- FEDORA-2021-b7fdb7e69a vendor-advisoryx_refsource_FEDORA
- GLSA-202208-15 vendor-advisoryx_refsource_GENTOO