
8 vulnerabilities found for isync by isync_project

CVE-2021-3657 (GCVE-0-2021-3657)

Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2024-08-03 17:01
Summary
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
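n/a isync Affected: isync 1.4.4 (note: the record's version field names 1.4.4 itself, whereas the summary gives the affected range as mbsync versions prior to 1.4.4; match installed versions against the summary's range, not this literal value)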

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.007Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/12/03/1"
          },
          {
            "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
          },
          {
            "name": "GLSA-202208-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "isync",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "isync 1.4.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (\u003e=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-11T00:12:22.000Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/12/03/1"
        },
        {
          "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
        },
        {
          "name": "GLSA-202208-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "patrick@puiterwijk.org",
          "ID": "CVE-2021-3657",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "isync",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "isync 1.4.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (\u003e=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2028932",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028932"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2021/12/03/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2021/12/03/1"
            },
            {
              "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
            },
            {
              "name": "GLSA-202208-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2021-3657",
    "datePublished": "2022-02-18T17:50:56.000Z",
    "dateReserved": "2021-07-21T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:08.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3578 (GCVE-0-2021-3578)

Vulnerability from cvelistv5 – Published: 2022-02-16 18:35 – Updated: 2024-08-03 17:01
Summary
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
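n/a isync Affected: isync 1.3.6, isync 1.4.2 (note: the record's version field names the boundary releases, whereas the summary gives the affected range as mbsync before v1.3.6 and v1.4.2; match installed versions against the summary's range, not these literal values)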

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20210607 CVE-2021-3578: possible remote code execution in isync/mbsync",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/06/07/1"
          },
          {
            "name": "FEDORA-2021-f236f9f01a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U75UFEWRAZYKVL5NHMPBUOLWN3WXTOEI/"
          },
          {
            "name": "FEDORA-2021-754af4d52b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPIDLIJKNRJHUVBCL7QGAPAAVPIHQGXK/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967397"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/06/07/1"
          },
          {
            "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
          },
          {
            "name": "GLSA-202208-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "isync",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "isync 1.3.6, isync 1.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-704",
              "description": "CWE-704",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-11T00:13:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20210607 CVE-2021-3578: possible remote code execution in isync/mbsync",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/06/07/1"
        },
        {
          "name": "FEDORA-2021-f236f9f01a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U75UFEWRAZYKVL5NHMPBUOLWN3WXTOEI/"
        },
        {
          "name": "FEDORA-2021-754af4d52b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPIDLIJKNRJHUVBCL7QGAPAAVPIHQGXK/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967397"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/06/07/1"
        },
        {
          "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
        },
        {
          "name": "GLSA-202208-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-3578",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "isync",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "isync 1.3.6, isync 1.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-704"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20210607 CVE-2021-3578: possible remote code execution in isync/mbsync",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/06/07/1"
            },
            {
              "name": "FEDORA-2021-f236f9f01a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U75UFEWRAZYKVL5NHMPBUOLWN3WXTOEI/"
            },
            {
              "name": "FEDORA-2021-754af4d52b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPIDLIJKNRJHUVBCL7QGAPAAVPIHQGXK/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
            },
            {
              "name": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/",
              "refsource": "MISC",
              "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1967397",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967397"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2021/06/07/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2021/06/07/1"
            },
            {
              "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
            },
            {
              "name": "GLSA-202208-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3578",
    "datePublished": "2022-02-16T18:35:33.000Z",
    "dateReserved": "2021-06-03T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:07.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-44143 (GCVE-0-2021-44143)

Vulnerability from cvelistv5 – Published: 2021-11-22 19:29 – Updated: 2024-08-04 04:17
Summary
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
Severity
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:17:23.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/isync/isync/ref/master/tags/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/isync/isync/commit_browser"
          },
          {
            "name": "[oss-security] 20211203 CVE-2021-44143: heap overflow in isync/mbsync",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/03/2"
          },
          {
            "name": "FEDORA-2021-577129851b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/"
          },
          {
            "name": "FEDORA-2021-b7fdb7e69a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/"
          },
          {
            "name": "GLSA-202208-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-11T00:12:50.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/isync/isync/ref/master/tags/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/isync/isync/commit_browser"
        },
        {
          "name": "[oss-security] 20211203 CVE-2021-44143: heap overflow in isync/mbsync",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/03/2"
        },
        {
          "name": "FEDORA-2021-577129851b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/"
        },
        {
          "name": "FEDORA-2021-b7fdb7e69a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/"
        },
        {
          "name": "GLSA-202208-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44143",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"
            },
            {
              "name": "https://sourceforge.net/p/isync/isync/ref/master/tags/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/isync/isync/ref/master/tags/"
            },
            {
              "name": "https://sourceforge.net/p/isync/isync/commit_browser",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/isync/isync/commit_browser"
            },
            {
              "name": "[oss-security] 20211203 CVE-2021-44143: heap overflow in isync/mbsync",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/03/2"
            },
            {
              "name": "FEDORA-2021-577129851b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/"
            },
            {
              "name": "FEDORA-2021-b7fdb7e69a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/"
            },
            {
              "name": "GLSA-202208-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44143",
    "datePublished": "2021-11-22T19:29:29.000Z",
    "dateReserved": "2021-11-22T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:17:23.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0289 (GCVE-0-2013-0289)

Vulnerability from cvelistv5 – Published: 2014-05-23 14:00 – Updated: 2024-08-06 14:18
Summary
Isync 0.4 before 1.0.6 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2013-02-03 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2013-2758",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099547.html"
          },
          {
            "name": "57423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57423"
          },
          {
            "name": "isync-ssl-info-disc(82232)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82232"
          },
          {
            "name": "[oss-security] 20130220 isync/mbsync security advisory: missing SSL subject verification  (CVE-2013-0289)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/02/20/9"
          },
          {
            "name": "55190",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55190"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/projects/isync/files/isync/1.0.6/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb"
          },
          {
            "name": "GLSA-201310-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201310-02.xml"
          },
          {
            "name": "FEDORA-2013-2795",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099544.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2013-2758",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099547.html"
        },
        {
          "name": "57423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57423"
        },
        {
          "name": "isync-ssl-info-disc(82232)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82232"
        },
        {
          "name": "[oss-security] 20130220 isync/mbsync security advisory: missing SSL subject verification  (CVE-2013-0289)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/02/20/9"
        },
        {
          "name": "55190",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55190"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/projects/isync/files/isync/1.0.6/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb"
        },
        {
          "name": "GLSA-201310-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201310-02.xml"
        },
        {
          "name": "FEDORA-2013-2795",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099544.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0289",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2013-2758",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099547.html"
            },
            {
              "name": "57423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/57423"
            },
            {
              "name": "isync-ssl-info-disc(82232)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82232"
            },
            {
              "name": "[oss-security] 20130220 isync/mbsync security advisory: missing SSL subject verification  (CVE-2013-0289)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/02/20/9"
            },
            {
              "name": "55190",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55190"
            },
            {
              "name": "http://sourceforge.net/projects/isync/files/isync/1.0.6/",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/projects/isync/files/isync/1.0.6/"
            },
            {
              "name": "http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb"
            },
            {
              "name": "GLSA-201310-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201310-02.xml"
            },
            {
              "name": "FEDORA-2013-2795",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099544.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0289",
    "datePublished": "2014-05-23T14:00:00.000Z",
    "dateReserved": "2012-12-06T00:00:00.000Z",
    "dateUpdated": "2024-08-06T14:18:09.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3657 (GCVE-0-2021-3657)

Vulnerability from nvd – Published: 2022-02-18 17:50 – Updated: 2024-08-03 17:01
VLAI
Summary
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
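n/a isync Affected: isync 1.4.4 (the summary states that versions prior to 1.4.4 are affected, so this field appears to name the fixed release rather than an affected one; do not match installed versions against it literally)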

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.007Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/12/03/1"
          },
          {
            "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
          },
          {
            "name": "GLSA-202208-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "isync",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "isync 1.4.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (\u003e=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-11T00:12:22.000Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/12/03/1"
        },
        {
          "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
        },
        {
          "name": "GLSA-202208-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "patrick@puiterwijk.org",
          "ID": "CVE-2021-3657",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "isync",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "isync 1.4.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (\u003e=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2028932",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028932"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2021/12/03/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2021/12/03/1"
            },
            {
              "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
            },
            {
              "name": "GLSA-202208-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2021-3657",
    "datePublished": "2022-02-18T17:50:56.000Z",
    "dateReserved": "2021-07-21T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:08.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3578 (GCVE-0-2021-3578)

Vulnerability from nvd – Published: 2022-02-16 18:35 – Updated: 2024-08-03 17:01
VLAI
Summary
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
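n/a isync Affected: isync 1.3.6, isync 1.4.2 (the summary states that mbsync before v1.3.6 and v1.4.2 is affected, so this field appears to name the fixed releases rather than affected ones; do not match installed versions against it literally)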

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20210607 CVE-2021-3578: possible remote code execution in isync/mbsync",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/06/07/1"
          },
          {
            "name": "FEDORA-2021-f236f9f01a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U75UFEWRAZYKVL5NHMPBUOLWN3WXTOEI/"
          },
          {
            "name": "FEDORA-2021-754af4d52b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPIDLIJKNRJHUVBCL7QGAPAAVPIHQGXK/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967397"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/06/07/1"
          },
          {
            "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
          },
          {
            "name": "GLSA-202208-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "isync",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "isync 1.3.6, isync 1.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-704",
              "description": "CWE-704",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-11T00:13:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20210607 CVE-2021-3578: possible remote code execution in isync/mbsync",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/06/07/1"
        },
        {
          "name": "FEDORA-2021-f236f9f01a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U75UFEWRAZYKVL5NHMPBUOLWN3WXTOEI/"
        },
        {
          "name": "FEDORA-2021-754af4d52b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPIDLIJKNRJHUVBCL7QGAPAAVPIHQGXK/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967397"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/06/07/1"
        },
        {
          "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
        },
        {
          "name": "GLSA-202208-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-3578",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "isync",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "isync 1.3.6, isync 1.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-704"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20210607 CVE-2021-3578: possible remote code execution in isync/mbsync",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/06/07/1"
            },
            {
              "name": "FEDORA-2021-f236f9f01a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U75UFEWRAZYKVL5NHMPBUOLWN3WXTOEI/"
            },
            {
              "name": "FEDORA-2021-754af4d52b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPIDLIJKNRJHUVBCL7QGAPAAVPIHQGXK/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
            },
            {
              "name": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/",
              "refsource": "MISC",
              "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1967397",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967397"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2021/06/07/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2021/06/07/1"
            },
            {
              "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3066-1] isync security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
            },
            {
              "name": "GLSA-202208-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3578",
    "datePublished": "2022-02-16T18:35:33.000Z",
    "dateReserved": "2021-06-03T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:07.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-44143 (GCVE-0-2021-44143)

Vulnerability from nvd – Published: 2021-11-22 19:29 – Updated: 2024-08-04 04:17
VLAI
Summary
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
Severity
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:17:23.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/isync/isync/ref/master/tags/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/isync/isync/commit_browser"
          },
          {
            "name": "[oss-security] 20211203 CVE-2021-44143: heap overflow in isync/mbsync",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/03/2"
          },
          {
            "name": "FEDORA-2021-577129851b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/"
          },
          {
            "name": "FEDORA-2021-b7fdb7e69a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/"
          },
          {
            "name": "GLSA-202208-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-11T00:12:50.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/isync/isync/ref/master/tags/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/isync/isync/commit_browser"
        },
        {
          "name": "[oss-security] 20211203 CVE-2021-44143: heap overflow in isync/mbsync",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/03/2"
        },
        {
          "name": "FEDORA-2021-577129851b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/"
        },
        {
          "name": "FEDORA-2021-b7fdb7e69a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/"
        },
        {
          "name": "GLSA-202208-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44143",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"
            },
            {
              "name": "https://sourceforge.net/p/isync/isync/ref/master/tags/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/isync/isync/ref/master/tags/"
            },
            {
              "name": "https://sourceforge.net/p/isync/isync/commit_browser",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/isync/isync/commit_browser"
            },
            {
              "name": "[oss-security] 20211203 CVE-2021-44143: heap overflow in isync/mbsync",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/03/2"
            },
            {
              "name": "FEDORA-2021-577129851b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/"
            },
            {
              "name": "FEDORA-2021-b7fdb7e69a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/"
            },
            {
              "name": "GLSA-202208-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44143",
    "datePublished": "2021-11-22T19:29:29.000Z",
    "dateReserved": "2021-11-22T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:17:23.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0289 (GCVE-0-2013-0289)

Vulnerability from nvd – Published: 2014-05-23 14:00 – Updated: 2024-08-06 14:18
Summary
Isync 0.4 before 1.0.6 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. The CONFIRM references in the record below point to the 1.0.6 release and the upstream commit.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2013-02-03 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2013-2758",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099547.html"
          },
          {
            "name": "57423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57423"
          },
          {
            "name": "isync-ssl-info-disc(82232)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82232"
          },
          {
            "name": "[oss-security] 20130220 isync/mbsync security advisory: missing SSL subject verification  (CVE-2013-0289)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/02/20/9"
          },
          {
            "name": "55190",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55190"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/projects/isync/files/isync/1.0.6/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb"
          },
          {
            "name": "GLSA-201310-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201310-02.xml"
          },
          {
            "name": "FEDORA-2013-2795",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099544.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2013-2758",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099547.html"
        },
        {
          "name": "57423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57423"
        },
        {
          "name": "isync-ssl-info-disc(82232)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82232"
        },
        {
          "name": "[oss-security] 20130220 isync/mbsync security advisory: missing SSL subject verification  (CVE-2013-0289)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/02/20/9"
        },
        {
          "name": "55190",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55190"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/projects/isync/files/isync/1.0.6/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb"
        },
        {
          "name": "GLSA-201310-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201310-02.xml"
        },
        {
          "name": "FEDORA-2013-2795",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099544.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0289",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2013-2758",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099547.html"
            },
            {
              "name": "57423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/57423"
            },
            {
              "name": "isync-ssl-info-disc(82232)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82232"
            },
            {
              "name": "[oss-security] 20130220 isync/mbsync security advisory: missing SSL subject verification  (CVE-2013-0289)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/02/20/9"
            },
            {
              "name": "55190",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55190"
            },
            {
              "name": "http://sourceforge.net/projects/isync/files/isync/1.0.6/",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/projects/isync/files/isync/1.0.6/"
            },
            {
              "name": "http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb"
            },
            {
              "name": "GLSA-201310-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201310-02.xml"
            },
            {
              "name": "FEDORA-2013-2795",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099544.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0289",
    "datePublished": "2014-05-23T14:00:00.000Z",
    "dateReserved": "2012-12-06T00:00:00.000Z",
    "dateUpdated": "2024-08-06T14:18:09.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}