CVE-2021-44143
Published 2021-11-22
Priority P258 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.66% (88.2th percentile)
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | isync | < isync 1.4.4-1 (bookworm) | isync 1.4.4-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| isync_project | isync | >= 0 < 1.4.4-1 | 1.4.4-1 |
| isync_project | isync | >= 0 < 1.4.4-1 | 1.4.4-1 |
| isync_project | isync | >= 0 < 1.4.4-1 | 1.4.4-1 |
| isync_project | isync | 1.4.0 – 1.4.3 | — |
Detection & IOCs
- A crafted mail message that lacks headers (starts with an empty line) delivered via a malicious or compromised IMAP server can trigger a heap overflow in mbsync (isync 1.4.0–1.4.3). Monitor for IMAP sessions delivering messages with no headers (i.e., body begins immediately with an empty line / CRLF CRLF at the very start of the message content).
- Only isync versions 1.4.0 through 1.4.3 are vulnerable; the issue is fixed in 1.4.4. Verify the installed mbsync/isync version before deploying detections.
- Exploitation requires a malicious or compromised IMAP server — the attack vector is the IMAP server side, not a direct client-to-client path. Scope is assessed as local by Debian.
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 9.8 CRITICAL
vendor_debian · 9.8 CRITICAL
GHSA
GHSA-2h85-c54w-28vc: A flaw was found in mbsync in isync 1
ghsa_unreviewed·2021-11-23
CVE-2021-44143 [CRITICAL] CWE-787 GHSA-2h85-c54w-28vc: A flaw was found in mbsync in isync 1
OSV
CVE-2021-44143: A flaw was found in mbsync in isync 1
osv·2021-11-22·CVSS 9.8
CVE-2021-44143 [CRITICAL] CVE-2021-44143: A flaw was found in mbsync in isync 1
Debian
CVE-2021-44143: isync - A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked con...
vendor_debian·2021·CVSS 9.8
CVE-2021-44143 [CRITICAL] CVE-2021-44143: isync - A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked con...
Scope: local
bookworm: resolved (fixed in 1.4.4-1)
bullseye: resolved
forky: resolved (fixed in 1.4.4-1)
sid: resolved (fixed in 1.4.4-1)
trixie: resolved (fixed in 1.4.4-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.openwall.com/lists/oss-security/2021/12/03/2
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX/
- https://security.gentoo.org/glsa/202208-15
- https://sourceforge.net/p/isync/isync/commit_browser
- https://sourceforge.net/p/isync/isync/ref/master/tags/