isync - Arch Linux

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2579	1.4.3-1		Medium	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2021-44143	AVG-2579	Medium	Yes	Arbitrary code execution	A security issue was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted...

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2042	1.4.1-1	1.4.2-1	Medium	Fixed
AVG-1598	1.3.3-1	1.3.5-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-20247	AVG-1598	High	Yes	Directory traversal	A security issue was found in isync/mbsync before versions 1.3.5 and 1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur,...
CVE-2021-3578	AVG-2042	Medium	Yes	Arbitrary code execution	A security issue was found in mbsync before version 1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary...

Issue

Group

Severity

Remote

Type

Description

CVE-2021-20247

AVG-1598

High

Yes

Directory traversal

A security issue was found in isync/mbsync before versions 1.3.5 and 1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur,...

CVE-2021-3578

AVG-2042

Medium

Yes

Arbitrary code execution

A security issue was found in mbsync before version 1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary...

Advisories

Date	Advisory	Group	Severity	Type
09 Jun 2021	ASA-202106-27	AVG-2042	Medium	arbitrary code execution
27 Feb 2021	ASA-202102-38	AVG-1598	High	directory traversal