amavis is vulnerable to Misinterpretation of Input. The vulnerability is due to an interpretation conflict in MIME email messages, allows incorrect checks for banned files or malware when multiple boundary parameters are present in the email message.
CPE | Name | Operator | Version |
---|---|---|---|
amavisd-new:sid | eq | 1:2.11.1-4 | |
amavisd-new:sid | eq | 1:2.11.1-4 |
gitlab.com/amavis/amavis/-/issues/112
gitlab.com/amavis/amavis/-/raw/v2.13.1/README_FILES/README.CVE-2024-28054
lists.amavis.org/pipermail/amavis-users/2024-March/006811.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6J2MK2CS3KNJOS66QLW2MBJ4PIDLWJP5/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDF6M3UXP45INVSWB4HXEDZH35CVZIJ4/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQQQQPTZ5JHXTUCYUXZHY6RZJ6VOGOAJ/
metacpan.org/pod/MIME::Tools
security-tracker.debian.org/tracker/CVE-2024-28054
www.amavis.org/release-notes.txt