PT-2021-21062 · Mbsync+2
Lukas Braun · Published 2021-06-07 · Updated 2024-08-08
CVE-2021-3578
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
mbsync versions prior to 1.3.6
mbsync versions prior to 1.4.2
Description:
A flaw was found in mbsync where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could plausibly be exploited for remote code execution on the client.
Recommendations:
For versions prior to 1.3.6, update to version 1.3.6 or later.
For versions prior to 1.4.2, update to version 1.4.2 or later.
Tags: Fix, RCE
Weakness Enumeration: Incorrect Type Conversion or Cast
Related Identifiers: CVE-2021-3578
Affected Products: Alt Linux, Suse, Mbsync