CVE-2024-28054
Ubuntu Security Notice USN-6790-1
Public Exploits: 0
Exploited in Wild: -
Descriptions
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.
It was discovered that amavisd-new incorrectly handled certain MIME email messages with multiple boundary parameters. A remote attacker could possibly use this issue to bypass checks for banned files or malware.
SSVC
- Decision: Track
Timeline
- 2024-03-01 CVE Reserved
- 2024-03-18 CVE Published
- 2025-03-27 CVE Updated
- 2025-05-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-436: Interpretation Conflict
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Canonical | Ubuntu Linux | * | - | Affected |
Fedoraproject | Fedora | * | - | Affected |
Freebsd | Freebsd | * | - | Affected |