vulnerability
FreeBSD: VID-0a48e552-e470-11ee-99b3-589cfc0f81b0 (CVE-2024-28054): amavisd-new -- multipart boundary confusion
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:N) | Mar 17, 2024 | Dec 10, 2025 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:N)
Published
Mar 17, 2024
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
The Amavis project reports: Emails which consist of multiple parts (`Content-Type: multipart/*`) incorporate boundary information stating at which point one part ends and the next part begins. A boundary is announced by an Content-Type header's `boundary` parameter. To our current knowledge, RFC2046 and RFC2045 do not explicitly specify how a parser should handle multiple boundary parameters that contain conflicting values. As a result, there is no canonical choice which of the values should or should not be used for mime part decomposition.
Solution
freebsd-upgrade-package-amavisd-new
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.