CVE-2021-3578

Published: Feb 16, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.

Affected (6)

Products: Isync Project: Isync · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Isync Project Isync	Before 1.3.6
Isync Project Isync	Version 1.4.0
Isync Project Isync	Version 1.4.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

References (18)

http://www.openwall.com/lists/oss-security/2021/06/07/1

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1961710

Source: secalert@redhat.com

Not Applicable

https://bugzilla.redhat.com/show_bug.cgi?id=1967397

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

Source: secalert@redhat.com

Not Applicable

https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPIDLIJKNRJHUVBCL7QGAPAAVPIHQGXK/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U75UFEWRAZYKVL5NHMPBUOLWN3WXTOEI/

Source: secalert@redhat.com

https://security.gentoo.org/glsa/202208-15

Source: secalert@redhat.com

Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/06/07/1

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/06/07/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1961710

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://bugzilla.redhat.com/show_bug.cgi?id=1967397

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPIDLIJKNRJHUVBCL7QGAPAAVPIHQGXK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U75UFEWRAZYKVL5NHMPBUOLWN3WXTOEI/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202208-15

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/06/07/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.