CVE-2024-28054
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-28054
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-28054.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-28054
- Related
- Published
- 2024-03-18T17:15:07Z
- Modified
- 2025-02-14T11:51:59.506458Z
- Summary
- [none]
- Details
-
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.
- References
-
- https://gitlab.com/amavis/amavis/-/issues/112
- https://gitlab.com/amavis/amavis/-/raw/v2.13.1/README_FILES/README.CVE-2024-28054
- https://lists.amavis.org/pipermail/amavis-users/2024-March/006811.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6J2MK2CS3KNJOS66QLW2MBJ4PIDLWJP5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDF6M3UXP45INVSWB4HXEDZH35CVZIJ4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQQQQPTZ5JHXTUCYUXZHY6RZJ6VOGOAJ/
- https://metacpan.org/pod/MIME::Tools
- https://www.amavis.org/release-notes.txt
- https://security-tracker.debian.org/tracker/CVE-2024-28054
Affected packages
Debian:11 / amavisd-new
Package
- Name
- amavisd-new
- Purl
- pkg:deb/debian/amavisd-new?arch=source
Debian:12 / amavisd-new
Package
- Name
- amavisd-new
- Purl
- pkg:deb/debian/amavisd-new?arch=source
Debian:13 / amavisd-new
Package
- Name
- amavisd-new
- Purl
- pkg:deb/debian/amavisd-new?arch=source
Git / gitlab.com/amavis/amavis
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.com/amavis/amavis
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
amavis-0.*
amavis-0.1.1
amavis-0.2.0-pre6
amavis-0.2.1-pre3
amavis-0.3.12
amavis-0.3.12pre6
amavis-0.3.12pre7
amavis-0.3.12pre8
amavis-0.3.13pre1
Other
amavis-perl-10
amavis-perl-11
amavis-perl-7
amavis-perl-8
amavis-perl-9
amavisd-new-20020329
amavisd-new-20020411
amavisd-new-20020418
amavisd-new-20020423
amavisd-new-20020424
amavisd-new-20020517
amavisd-new-20020630
amavisd-new-20021116
amavisd-new-20021227
amavisd-new-20021227-p1
amavisd-new-20021227-p2
amavisd-new-20030314
amavisd-new-20030314-p1
amavisd-new-20030314-p2
amavisd-new-20030314-rc1
amavisd-new-20030314-rc2
amavisd-new-20030314-rc3
amavisd-new-20030616
amavisd-new-20030616-p1
amavisd-new-20030616-p10
amavisd-new-20030616-p2
amavisd-new-20030616-p4
amavisd-new-20030616-p5
amavisd-new-20030616-p6
amavisd-new-20030616-p6-rc1
amavisd-new-20030616-p6-rc2
amavisd-new-20030616-p7
amavisd-new-20030616-p8
amavisd-new-20030616-p8-rc1
amavisd-new-20030616-p8-rc2
amavisd-new-20030616-p8-rc3
amavisd-new-20030616-p9
amavisd-new-20030616-p9-rc1
amavisd-new-20030616-p9-rc2
amavisd-new-20030616-p9-rc3
amavisd-new-20030616-p9-rc4
amavisd-new-20030616-rc1
amavisd-new-20030616-rc2
amavisd-new-20030616-rc3
amavisd-new-20031110
amavisd-new-20031205
amavisd-new-20031210
amavisd-new-20031229
amavisd-new-20040105
amavisd-new-20040121
amavisd-new-20040217
amavisd-new-20040223
amavisd-new-20040301
amavisd-new-20040302
amavisd-new-20040310
amavisd-new-20040411
amavisd-new-20040415
amavisd-new-20040422
amavisd-new-20040526
amavisd-new-20040623
amavisd-new-20040701
amavisd-new-20040701-rc1
amavisd-new-20040701-rc2
amavisd-new-20040701-rc3
amavisd-new-20040701-rc4
amavisd-new-20040701-rc5
amavisd-snapshot-20010407
amavisd-snapshot-20010714
amavisd-snapshot-20011031
amavisd-snapshot-20020220
amavisd-snapshot-20020300
amavisd-snapshot-20020531
amavisd-0.*
amavisd-0.1
amavisd-new-2.*
amavisd-new-2.1.0
amavisd-new-2.1.0-rc1
amavisd-new-2.1.0-rc2
amavisd-new-2.1.0-rc3
amavisd-new-2.1.0-rc4
amavisd-new-2.1.1
amavisd-new-2.1.2
amavisd-new-2.10.0
amavisd-new-2.10.0-rc1
amavisd-new-2.10.0-rc2
amavisd-new-2.10.1
amavisd-new-2.11.0
amavisd-new-2.11.0-rc1
amavisd-new-2.11.1
amavisd-new-2.2.0
amavisd-new-2.2.0-pre1
amavisd-new-2.2.0-pre2
amavisd-new-2.2.0-pre3
amavisd-new-2.2.0-rc1
amavisd-new-2.2.0-rc2
amavisd-new-2.2.1
amavisd-new-2.2.1-rc1
amavisd-new-2.2.1-rc2
amavisd-new-2.2.1-rc3
amavisd-new-2.2.1-rc4
amavisd-new-2.3.0
amavisd-new-2.3.0-pre1
amavisd-new-2.3.0-pre2
amavisd-new-2.3.0-pre3
amavisd-new-2.3.0-pre4
amavisd-new-2.3.0-pre5
amavisd-new-2.3.0-rc1
amavisd-new-2.3.0-rc2
amavisd-new-2.3.0-rc3
amavisd-new-2.3.1
amavisd-new-2.3.1-pre1
amavisd-new-2.3.1-rc1
amavisd-new-2.3.1-rc2
amavisd-new-2.3.1-rc3
amavisd-new-2.3.2
amavisd-new-2.3.2-pre1
amavisd-new-2.3.2-pre3
amavisd-new-2.3.2-rc1
amavisd-new-2.3.2-rc2
amavisd-new-2.3.3
amavisd-new-2.3.3-pre1
amavisd-new-2.3.3-pre2
amavisd-new-2.3.3-rc1
amavisd-new-2.3.3-rc2
amavisd-new-2.3.3-rc3
amavisd-new-2.4.0
amavisd-new-2.4.0-pre1
amavisd-new-2.4.0-pre2
amavisd-new-2.4.0-pre3
amavisd-new-2.4.0-pre4
amavisd-new-2.4.0-pre5
amavisd-new-2.4.0-pre6
amavisd-new-2.4.0-pre7
amavisd-new-2.4.0-rc1
amavisd-new-2.4.0-rc2
amavisd-new-2.4.0-rc3
amavisd-new-2.4.0-rc4
amavisd-new-2.4.0-rc5
amavisd-new-2.4.0-rc6
amavisd-new-2.4.0-rc7
amavisd-new-2.4.0-rc8
amavisd-new-2.4.1
amavisd-new-2.4.1-pre1
amavisd-new-2.4.1-rc1
amavisd-new-2.4.2
amavisd-new-2.4.2-pre1
amavisd-new-2.4.2-rc1
amavisd-new-2.4.2-rc2
amavisd-new-2.4.2-rc3
amavisd-new-2.4.3
amavisd-new-2.4.3-first
amavisd-new-2.4.3-pre1
amavisd-new-2.4.3-pre2
amavisd-new-2.4.3-rc1
amavisd-new-2.4.3-rc2
amavisd-new-2.4.4
amavisd-new-2.4.4-pre1
amavisd-new-2.4.4-rc1
amavisd-new-2.4.4-rc2
amavisd-new-2.4.5
amavisd-new-2.4.5-pre1
amavisd-new-2.4.5-pre2
amavisd-new-2.4.5-rc1
amavisd-new-2.5.0
amavisd-new-2.5.0-pre1
amavisd-new-2.5.0-pre2
amavisd-new-2.5.0-pre3
amavisd-new-2.5.0-pre4
amavisd-new-2.5.0-rc1
amavisd-new-2.5.0-rc2
amavisd-new-2.5.1
amavisd-new-2.5.1-pre1
amavisd-new-2.5.1-rc1
amavisd-new-2.5.2
amavisd-new-2.5.2-rc1
amavisd-new-2.5.2-rc2
amavisd-new-2.5.3
amavisd-new-2.5.3-rc1
amavisd-new-2.5.4
amavisd-new-2.5.4-rc1
amavisd-new-2.6.0
amavisd-new-2.6.0-pre1
amavisd-new-2.6.0-pre3
amavisd-new-2.6.0-rc1
amavisd-new-2.6.0-rc2
amavisd-new-2.6.1
amavisd-new-2.6.1-rc1
amavisd-new-2.6.2
amavisd-new-2.6.2-pre1
amavisd-new-2.6.2-rc1
amavisd-new-2.6.2-rc2
amavisd-new-2.6.3
amavisd-new-2.6.3-rc1
amavisd-new-2.6.3-rc2
amavisd-new-2.6.4
amavisd-new-2.6.4-rc1
amavisd-new-2.6.4-rc2
amavisd-new-2.6.5
amavisd-new-2.6.5-rc1
amavisd-new-2.6.5-rc2
amavisd-new-2.6.6
amavisd-new-2.6.6-rc1
amavisd-new-2.7.0
amavisd-new-2.7.0-pre1
amavisd-new-2.7.0-pre10
amavisd-new-2.7.0-pre11
amavisd-new-2.7.0-pre12
amavisd-new-2.7.0-pre13
amavisd-new-2.7.0-pre14
amavisd-new-2.7.0-pre15
amavisd-new-2.7.0-pre2
amavisd-new-2.7.0-pre3
amavisd-new-2.7.0-pre4
amavisd-new-2.7.0-pre5
amavisd-new-2.7.0-pre6
amavisd-new-2.7.0-pre7
amavisd-new-2.7.0-pre8
amavisd-new-2.7.0-pre9
amavisd-new-2.7.0-rc1
amavisd-new-2.7.1
amavisd-new-2.7.1-rc1
amavisd-new-2.7.2
amavisd-new-2.8.0
amavisd-new-2.8.0-pre3
amavisd-new-2.8.0-pre4
amavisd-new-2.8.0-pre6
amavisd-new-2.8.0-pre7
amavisd-new-2.8.1
amavisd-new-2.8.1-rc1
amavisd-new-2.9.0-rc1
amavisd-new-2.9.0-rc2
amavisd-new-2.9.1
v2.*
v2.12.0
v2.12.1
v2.12.2