Amavis » Virus Scanner : Security Vulnerabilities, CVEs,
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-03-18
Updated
2024-03-23
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
Max CVSS
7.8
EPSS Score
18.41%
Published
2007-04-13
Updated
2018-10-16
securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter.
Max CVSS
2.1
EPSS Score
0.05%
Published
2002-10-04
Updated
2016-10-18
The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.
Max CVSS
10.0
EPSS Score
1.17%
Published
1999-12-31
Updated
2017-10-10
4 vulnerabilities found