CVE-2024-28054

{"id": "CVE-2024-28054", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2024-03-18T17:15:07.360", "references": [{"url": "https://gitlab.com/amavis/amavis/-/issues/112", "source": "cve@mitre.org"}, {"url": "https://gitlab.com/amavis/amavis/-/raw/v2.13.1/README_FILES/README.CVE-2024-28054", "source": "cve@mitre.org"}, {"url": "https://lists.amavis.org/pipermail/amavis-users/2024-March/006811.html", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6J2MK2CS3KNJOS66QLW2MBJ4PIDLWJP5/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDF6M3UXP45INVSWB4HXEDZH35CVZIJ4/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQQQQPTZ5JHXTUCYUXZHY6RZJ6VOGOAJ/", "source": "cve@mitre.org"}, {"url": "https://metacpan.org/pod/MIME::Tools", "source": "cve@mitre.org"}, {"url": "https://www.amavis.org/release-notes.txt", "source": "cve@mitre.org"}, {"url": "https://gitlab.com/amavis/amavis/-/issues/112", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/amavis/amavis/-/raw/v2.13.1/README_FILES/README.CVE-2024-28054", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.amavis.org/pipermail/amavis-users/2024-March/006811.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6J2MK2CS3KNJOS66QLW2MBJ4PIDLWJP5/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDF6M3UXP45INVSWB4HXEDZH35CVZIJ4/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQQQQPTZ5JHXTUCYUXZHY6RZJ6VOGOAJ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://metacpan.org/pod/MIME::Tools", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.amavis.org/release-notes.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-436"}]}], "descriptions": [{"lang": "en", "value": "Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware."}, {"lang": "es", "value": "Amavis anterior a 2.12.3 y 2.13.x anterior a 2.13.1, en parte debido a su uso de herramientas MIME, tiene un conflicto de interpretaci\u00f3n (en relaci\u00f3n con algunos agentes de usuario de correo) cuando hay m\u00faltiples par\u00e1metros de l\u00edmite en un mensaje de correo electr\u00f3nico MIME. En consecuencia, puede haber una verificaci\u00f3n incorrecta de archivos prohibidos o malware."}], "lastModified": "2025-03-27T15:15:51.183", "sourceIdentifier": "cve@mitre.org"}