Lucene search

K

MitreVULNRICHMENT:CVE-2024-28054

HistoryMar 18, 2024 - 12:00 a.m.

CVE-2024-28054

2024-03-1800:00:00

mitre

github.com

3

amavis

interpretation conflict

mime-tools

email

banned files

malware

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.

References

gitlab.com/amavis/amavis/-/issues/112

gitlab.com/amavis/amavis/-/raw/v2.13.1/README_FILES/README.CVE-2024-28054

lists.amavis.org/pipermail/amavis-users/2024-March/006811.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6J2MK2CS3KNJOS66QLW2MBJ4PIDLWJP5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDF6M3UXP45INVSWB4HXEDZH35CVZIJ4/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQQQQPTZ5JHXTUCYUXZHY6RZJ6VOGOAJ/

metacpan.org/pod/MIME::Tools

www.amavis.org/release-notes.txt

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2024-28054

debiancve1 openvas5 freebsd1 nessus5 mageia1 cve1 veracode1 cvelist1 fedora3 redos1 ubuntu1 ubuntucve1 nvd1 osv1