Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3066 advisory.

- A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur, allowing a malicious or compromised server to use specially crafted mailbox names containing '.' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2021-20247)

- A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
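The missing mailbox-name validation described above can be illustrated with a client-side check. This is an added example, not isync's code or its actual fix; the function name `mailbox_name_is_safe` and the exact rejection policy are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical helper (not isync code): decide whether a mailbox name taken
 * from a LIST/LSUB response may be mapped onto a path on the other side of
 * the sync channel. `delim` is the hierarchy delimiter the server reported.
 * Assumed policy: every component must be non-empty, must not be "." or
 * "..", and must not contain control characters. '/' is always treated as
 * a separator because it is the local path separator, whatever the server
 * claims its delimiter is. */
bool mailbox_name_is_safe(const char *name, char delim)
{
    if (name == NULL || *name == '\0')
        return false;

    const char *seg = name;                 /* start of current component */
    for (const char *p = name; ; p++) {
        unsigned char c = (unsigned char)*p;
        bool at_sep = (c == '\0' || c == (unsigned char)delim || c == '/');

        if (!at_sep) {
            if (c < 0x20 || c == 0x7f)      /* control characters */
                return false;
            continue;
        }

        size_t len = (size_t)(p - seg);
        if (len == 0)                       /* leading, trailing or doubled */
            return false;                   /* separator, e.g. "/etc"       */
        if (len == 1 && seg[0] == '.')
            return false;                   /* "." component                */
        if (len == 2 && seg[0] == '.' && seg[1] == '.')
            return false;                   /* ".." component               */

        if (c == '\0')
            return true;                    /* all components accepted      */
        seg = p + 1;
    }
}
```

A client would run such a check on every name the server returns and skip or abort on failure before building any local path from it.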