Mbsync · Mbsync · CVE-2021-3578
Name of the Vulnerable Software and Affected Versions:
mbsync versions prior to 1.3.6
mbsync versions prior to 1.4.2
Description:
A flaw was found in mbsync where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an APPENDUID response where the client does not expect one. This could plausibly be exploited for remote code execution on the client.
Recommendations:
For versions prior to 1.3.6, update to version 1.3.6 or later.
For versions prior to 1.4.2, update to version 1.4.2 or later.