PT-2024-4424 · Unknown+4 · Mime-Tools+4

Published

2024-03-18

Updated

2024-06-11

CVE-2024-28054

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Amavis versions 2.12.3 and earlier, Amavis versions 2.13.x before 2.13.1

Description The issue is related to an Interpretation Conflict when there are multiple boundary parameters in a MIME email message, which can lead to an incorrect check for banned files or malware. This is partly due to Amavis' use of MIME-tools. The conflict arises relative to some mail user agents.

Recommendations For Amavis versions 2.12.3 and earlier, update to version 2.12.3 or later. For Amavis versions 2.13.x before 2.13.1, update to version 2.13.1 or later.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-436

Related Identifiers

BDU:2024-04924

CVE-2024-28054

MGASA-2024-0212

USN-6790-1

Affected Products

Amavis

Linuxmint

Mime-Tools

Red Os

Ubuntu

PT-2024-4424 · Unknown+4 · Mime-Tools+4

CVE-2024-28054

Weakness Enumeration

Related Identifiers

Affected Products

References · 29