CVE-2021-3578 vulnerability in Mbsyncproject and Other Products
Published on February 16, 2022
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could plausibly be exploited for remote code execution on the client.
Weakness Type
Incorrect Type Conversion or Cast
The software does not correctly convert an object, resource, or structure from one type to a different type.
Exploit Probability
EPSS: 2.29%
Percentile: 84.43%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.