Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-28054

HistoryMar 18, 2024 - 5:15 p.m.

CVE-2024-28054

2024-03-1817:15:07

Debian Security Bug Tracker

security-tracker.debian.org

amavis

mime

interpretation conflict

cve-2024-28054

mail user agents

banned files

malware

unix

AI Score

6.7

Confidence

Low

EPSS

Percentile

13.0%

JSON

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.

OSVersionArchitecturePackageVersionFilename
Debian12allamavisd-new< 1:2.13.0-3+deb12u1amavisd-new_1:2.13.0-3+deb12u1_all.deb
Debian11allamavisd-new< 1:2.11.1-5+deb11u1amavisd-new_1:2.11.1-5+deb11u1_all.deb
Debian999allamavisd-new< 1:2.13.0-5amavisd-new_1:2.13.0-5_all.deb
Debian13allamavisd-new< 1:2.13.0-5amavisd-new_1:2.13.0-5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	amavisd-new	< 1:2.13.0-3+deb12u1	amavisd-new_1:2.13.0-3+deb12u1_all.deb
Debian	11	all	amavisd-new	< 1:2.11.1-5+deb11u1	amavisd-new_1:2.11.1-5+deb11u1_all.deb
Debian	999	all	amavisd-new	< 1:2.13.0-5	amavisd-new_1:2.13.0-5_all.deb
Debian	13	all	amavisd-new	< 1:2.13.0-5	amavisd-new_1:2.13.0-5_all.deb