{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-11T00:12:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/isync/isync/ref/master/tags/"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/isync/isync/commit_browser"}, {"name": "[oss-security] 20211203 CVE-2021-44143: heap overflow in isync/mbsync", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/12/03/2"}, {"name": "FEDORA-2021-577129851b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/"}, {"name": "FEDORA-2021-b7fdb7e69a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/"}, {"name": "GLSA-202208-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202208-15"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44143", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"}, {"name": "https://sourceforge.net/p/isync/isync/ref/master/tags/", "refsource": "MISC", "url": "https://sourceforge.net/p/isync/isync/ref/master/tags/"}, {"name": "https://sourceforge.net/p/isync/isync/commit_browser", "refsource": "MISC", "url": "https://sourceforge.net/p/isync/isync/commit_browser"}, {"name": "[oss-security] 20211203 CVE-2021-44143: heap overflow in isync/mbsync", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/12/03/2"}, {"name": "FEDORA-2021-577129851b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/"}, {"name": "FEDORA-2021-b7fdb7e69a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/"}, {"name": "GLSA-202208-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-15"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:17:23.608Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/isync/isync/ref/master/tags/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/isync/isync/commit_browser"}, {"name": "[oss-security] 20211203 CVE-2021-44143: heap overflow in isync/mbsync", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/12/03/2"}, {"name": "FEDORA-2021-577129851b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/"}, {"name": "FEDORA-2021-b7fdb7e69a", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/"}, {"name": "GLSA-202208-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-15"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44143", "datePublished": "2021-11-22T19:29:29", "dateReserved": "2021-11-22T00:00:00", "dateUpdated": "2024-08-04T04:17:23.608Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isync_project:isync:*:*:*:*:*:*:*:*", "matchCriteriaId": "24074CD9-01E7-4913-B651-B1436AB6F3C0", "versionEndIncluding": "1.4.3", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution."}, {"lang": "es", "value": "Se ha encontrado un fallo en mbsync en isync versiones 1.4.0 hasta 1.4.3. Debido a una condici\u00f3n no comprobada, un servidor IMAP malicioso o comprometido podr\u00eda usar un mensaje de correo dise\u00f1ado que carece de encabezados (es decir, uno que comienza con una l\u00ednea vac\u00eda) para provocar un desbordamiento de la pila, que podr\u00eda ser explotado para una ejecuci\u00f3n de c\u00f3digo remota"}], "id": "CVE-2021-44143", "lastModified": "2024-11-21T06:30:25.810", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-22T20:15:18.223", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/12/03/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-15"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://sourceforge.net/p/isync/isync/commit_browser"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/isync/isync/ref/master/tags/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/12/03/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://sourceforge.net/p/isync/isync/commit_browser"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/isync/isync/ref/master/tags/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}