Bugzilla – Bug 1192985
VUL-0: CVE-2021-44143: isync: heap overflow in mbsync while dealing with a mail message without header
Last modified: 2022-01-05 09:22:16 UTC
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked
condition, a malicious or compromised IMAP server could use a crafted mail
message that lacks headers (i.e., one that starts with an empty line) to provoke
a heap overflow, which could conceivably be exploited for remote code execution.
There is still no fix upstream.
Only openSUSE:Factory should be affected.
No fix upstream or in other distributions yet...
1.4.4 fixes this, submitted to tumbleweed.
Actually affects older distros, reopening.