DescriptionA flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.SUSE Bugzilla entry: 1192985 [REOPENED] No SUSE Security Announcements cross referenced.
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA isync-1.4.4-1.1