A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
Publication date: Sat, 19 Feb 2022 00:15:00 +0000