Home > Vulnerability Database > CVE-2021-3657

Mend.io Vulnerability Database

CVE-2021-3657

Date: February 18, 2022

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.

Severity Score

9.8

Related Resources (10)

Url: https://security.gentoo.org/glsa/202208-15

Url: https://www.openwall.com/lists/oss-security/2021/12/03/1

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3657

Url: https://security-tracker.debian.org/tracker/CVE-2021-3657

Url: https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2028932

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3657

Url: https://access.redhat.com/security/cve/CVE-2021-3657

Url: https://security.alpinelinux.org/vuln/CVE-2021-3657

Url: https://www.mend.io/vulnerability-database/CVE-2021-3657

Severity Score

9.8

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3657

Date: February 18, 2022

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?