CVE-2024-32487

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Static Code Injection
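A defender-side check for the two conditions named in the description, added here as an example and not taken from less or from this advisory: it lists tar members whose names contain a newline before anything is extracted, and reports whether LESSOPEN is set. The function names, the sample member names and the sample LESSOPEN value are constructed for illustration.

```python
import io
import os
import tarfile

def newline_members(archive_bytes):
    """Return member names containing a newline, without extracting anything."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        return [m.name for m in tar.getmembers() if "\n" in m.name]

def lessopen_set(env=None):
    """True when LESSOPEN is present and non-empty in the given environment."""
    env = os.environ if env is None else env
    return bool(env.get("LESSOPEN"))

def assess(archive_bytes, env=None):
    """Summarise whether both conditions from the description are present."""
    names = newline_members(archive_bytes)
    return {
        "newline_names": names,
        "lessopen_set": lessopen_set(env),
        "both_conditions": bool(names) and lessopen_set(env),
    }

def build_sample_tar(names):
    """Constructed sample input: an in-memory tar with empty members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            tar.addfile(tarfile.TarInfo(name=name))
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: one ordinary name, one name with an embedded newline.
    sample = build_sample_tar(["docs/readme.txt", "docs/line one\nline two.txt"])
    # Constructed sample environment; pass env=None to inspect the real one.
    report = assess(sample, env={"LESSOPEN": "| /usr/bin/lesspipe %s"})
    for name in report["newline_names"]:
        print("newline in member name:", repr(name))
    print("LESSOPEN set:", report["lessopen_set"])
    print("both conditions present:", report["both_conditions"])
```

An archive flagged by this check is best left unextracted, or inspected only with a fixed less package (see the release tables) or with LESSOPEN unset.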
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.6 HIGH | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| mitre | CNA | --- | | | | --- |
| CISA-ADP | ADP | 8.6 HIGH | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| CVE | ADP | --- | | | | --- |
This vulnerability is currently awaiting analysis.

EPSS Score Percentile: 11%

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| less | bullseye (security) | 551-2+deb11u2 | fixed |
| less | bullseye | 551-2+deb11u2 | fixed |
| less | bookworm | 590-2.1~deb12u2 | fixed |
| less | bookworm (security) | 590-2.1~deb12u2 | fixed |
| less | sid | 668-1 | fixed |
| less | trixie | 668-1 | fixed |

Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| less | noble | Fixed 590-2ubuntu2.1 | released |
| less | mantic | Fixed 590-2ubuntu0.23.10.2 | released |
| less | jammy | Fixed 590-1ubuntu0.22.04.3 | released |
| less | focal | Fixed 551-1ubuntu0.3 | released |
| less | bionic | Fixed 487-0.1ubuntu0.1~esm2 | released |
| less | xenial | Fixed 481-2.1ubuntu0.2+esm2 | released |
| less | trusty | Fixed 458-2ubuntu0.1~esm1 | released |