Vulnerability Description
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Isync Project | Isync | < 1.4.4 |
| Fedoraproject | Fedora | 35 |
| Redhat | Enterprise Linux | 7.0 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2028932Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/07/msg00001.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202208-15Third Party Advisory
- https://www.openwall.com/lists/oss-security/2021/12/03/1Mailing ListThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2028932Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/07/msg00001.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202208-15Third Party Advisory
- https://www.openwall.com/lists/oss-security/2021/12/03/1Mailing ListThird Party Advisory
FAQ
What is CVE-2021-3657?
CVE-2021-3657 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email ...
How severe is CVE-2021-3657?
CVE-2021-3657 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-3657?
Check the references section above for vendor advisories and patch information. Affected products include: Isync Project Isync, Fedoraproject Fedora, Redhat Enterprise Linux, Debian Debian Linux.