N/A

A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.

N/A

不正确的类型转换

Sourceforge mbsync 代码问题漏洞

Sourceforge mbsync是美国Sourceforge社区的一个应用软件。提供同步远程IMAP邮箱和本地maildir样式的邮箱 Sourceforge mbsync 中存在代码问题漏洞，该漏洞源于在处理来自恶意服务器的意外APPENDUID响应时出现边界错误并触发内存损坏可在系统上执行任意代码。远程攻击者可利用该漏洞可以向客户机发送响应。以下产品及版本受到影响: Isync stretch 1.2.1-2，buster 1.3.0-2，bullseye 1.3.0-2.2，sid 1.3.0-

N/A

N/A