Isyncproject Isync
By the Year
In 2024 there have been 0 vulnerabilities in Isyncproject Isync . Isync did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 8.80 |
| 2021 | 1 | 9.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Isync vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Isyncproject Isync Security Vulnerabilities
A flaw was found in mbsync versions prior to 1.4.4
CVE-2021-3657
9.8 - Critical
- February 18, 2022
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
Buffer Overflow
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast
CVE-2021-3578
7.8 - High
- February 16, 2022
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
Incorrect Type Conversion or Cast
A flaw was found in mbsync in isync 1.4.0 through 1.4.3
CVE-2021-44143
9.8 - Critical
- November 22, 2021
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
Memory Corruption
Isync 0.4 before 1.0.6, does not verify
CVE-2013-0289
- May 23, 2014
Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Cryptographic Issues
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Isyncproject Isync or by Isyncproject? Click the Watch button to subscribe.
