CVE-2024-32487
CVSS Score
8.6
EPSS Score
0.0%
EPSS Percentile
0th
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
| Vendor | n/a |
| Product | n/a |
| Published | Apr 13, 2024 |
| Last Updated | Aug 2, 2024 |
Stay Ahead of the Next One
Get instant alerts for n/a n/a
Be the first to know when new high vulnerabilities affecting n/a n/a are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n/a / n/a
n/a
References
openwall.com: https://www.openwall.com/lists/oss-security/2024/04/13/2 openwall.com: https://www.openwall.com/lists/oss-security/2024/04/12/5 github.com: https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 openwall.com: http://www.openwall.com/lists/oss-security/2024/04/15/1 security.netapp.com: https://security.netapp.com/advisory/ntap-20240605-0009/ lists.debian.org: https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html