Launchpad CVE tracker

CVE 2024-28054

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.

Related bugs and status

CVE-2024-28054 (Candidate) is related to these bugs:

Bug #2067460: Amavisd crashes when calling external command /usr/bin/altermime after updated to 2.12.2-1ubuntu1.1

Summary				In	Importance	Status
	2067460	Amavisd crashes when calling external command /usr/bin/altermime after updated to 2.12.2-1ubuntu1.1		amavisd-new (Ubuntu)	Undecided	Incomplete

See the

CVE page on Mitre.org for more details.

References

FEDORA: FEDORA-2024-1d87055861
FEDORA: FEDORA-2024-3cf9eb64ba
FEDORA: FEDORA-2024-8bbcae6af2
MISC: https://gitlab.com/ama...
MISC: https://gitlab.com/ama...
MISC: https://lists.amavis.o...
MISC: https://metacpan.org/p...
MISC: https://www.amavis.org...

Launchpad.net

CVE 2024-28054

Related bugs and status

Related bugs

References