QwikSec

Security Database

CVE

CWE

Training

CVE-2024-28054

Published: Mar 18, 2024

Modified: Nov 4, 2025

PUBLISHED

Description

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.amavis.org/release-notes.txt

https://metacpan.org/pod/MIME::Tools

https://gitlab.com/amavis/amavis/-/issues/112

https://gitlab.com/amavis/amavis/-/raw/v2.13.1/README_FILES/README.CVE-2024-28054

https://lists.amavis.org/pipermail/amavis-users/2024-March/006811.html

FEDORA-2024-1d87055861

vendor-advisory

FEDORA-2024-3cf9eb64ba

vendor-advisory

FEDORA-2024-8bbcae6af2

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.