Lucene search

Veracode Vulnerability DatabaseVERACODE:45885

HistoryMar 17, 2024 - 6:07 a.m.

Misinterpretation Of Input

2024-03-1706:07:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

amavis

vulnerability

mime

misinterpretation

software

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.1%

JSON

amavis is vulnerable to Misinterpretation of Input. The vulnerability is due to an interpretation conflict in MIME email messages, allows incorrect checks for banned files or malware when multiple boundary parameters are present in the email message.

CPENameOperatorVersion
amavisd-new:sideq1:2.11.1-4
amavisd-new:sideq1:2.11.1-4

CPE	Name	Operator	Version
	amavisd-new:sid	eq	1:2.11.1-4
	amavisd-new:sid	eq	1:2.11.1-4

References

gitlab.com/amavis/amavis/-/issues/112

gitlab.com/amavis/amavis/-/raw/v2.13.1/README_FILES/README.CVE-2024-28054

lists.amavis.org/pipermail/amavis-users/2024-March/006811.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6J2MK2CS3KNJOS66QLW2MBJ4PIDLWJP5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDF6M3UXP45INVSWB4HXEDZH35CVZIJ4/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQQQQPTZ5JHXTUCYUXZHY6RZJ6VOGOAJ/

metacpan.org/pod/MIME::Tools

security-tracker.debian.org/tracker/CVE-2024-28054

www.amavis.org/release-notes.txt