PT-2022-10520 · Mbsync

Oswald Buddenhagen · Published 2022-02-18 · Updated 2024-11-25 · CVE-2021-3657

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: mbsync versions prior to 1.4.4

Description: A flaw was found in mbsync due to inadequate handling of extremely large (>=2 GiB) IMAP literals. Malicious or compromised IMAP servers, and hypothetically even external email senders, could trigger several different buffer overflows, which could conceivably be exploited for remote code execution.

Recommendations: For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting the set of IMAP servers mbsync is allowed to connect to in order to minimize the risk of exploitation. Avoid using mbsync with untrusted or potentially compromised IMAP servers until the update is applied.

Tags: Fix · RCE · Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2024-15885
ALT-PU-2024-16028
CVE-2021-3657
DLA-3066-1
OPENSUSE-SU-2024:11779-1

Affected Products

Alt Linux
Mbsync