Oswald Buddenhagen

**Name of the Vulnerable Software and Affected Versions** mbsync versions prior to 1.4.4 **Description** A flaw was found due to inadequate handling of extremely large (>=2GiB) IMAP literals. Malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. **Recommendations** For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to IMAP servers to minimize the risk of exploitation. Avoid using mbsync with untrusted or potentially compromised IMAP servers until the issue is resolved.