Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 3 Dec 2021 12:31:14 +0100
From: Oswald Buddenhagen <>
Subject: CVE-2021-44143: heap overflow in isync/mbsync


A flaw was found in mbsync versions 1.4.0 through 1.4.3. Due to an
unchecked condition, a malicious or compromised IMAP server could use
a crafted mail message that lacks headers (i.e., one that
starts with an empty line) to provoke a heap overflow, which could
conceivably be exploited for remote code execution.


upgrade to the freshly released v1.4.4 available from , or apply the 
attached patch.

View attachment "CVE-2021-44143-buffer-overflow-on-invalid-1.4.patch" of type "text/x-diff" (2692 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.