less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

OS | OS version | Architecture | Package | Affected package version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | less | < 590-2.1~deb12u2 | less_590-2.1~deb12u2_all.deb |
Debian | 11 | all | less | < 551-2+deb11u2 | less_551-2+deb11u2_all.deb |
Debian | 10 | all | less | < 487-0.1+deb10u1 | less_487-0.1+deb10u1_all.deb |
Debian | 999 | all | less | < 590-2.1 | less_590-2.1_all.deb |
Debian | 13 | all | less | < 590-2.1 | less_590-2.1_all.deb |
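
A pre-extraction check for the two preconditions named in the description, as an added example (not code from less or from this advisory): it lists tar member names that contain a newline without extracting anything, and reports whether LESSOPEN is set. The function names, the sample archive and the sample LESSOPEN value are constructed for illustration.

```python
import io
import os
import tarfile


def risky_member_names(archive):
    """Return tar member names containing a newline (archive: path or file object)."""
    kwargs = {"fileobj": archive} if hasattr(archive, "read") else {"name": archive}
    with tarfile.open(mode="r:*", **kwargs) as tar:
        # Only the headers are read; nothing is written to disk.
        return [m.name for m in tar.getmembers() if "\n" in m.name]


def lessopen_set(env=None):
    """True when LESSOPEN is set to a non-empty value in the given environment."""
    env = os.environ if env is None else env
    return bool(env.get("LESSOPEN", "").strip())


def triage(archive, env=None):
    """Report both preconditions; the installed less version is not checked here."""
    names = risky_member_names(archive)
    active = lessopen_set(env)
    return {
        "newline_names": names,
        "lessopen_set": active,
        "conditions_met": bool(names) and active,
    }


def build_sample_archive():
    """Constructed sample: in-memory tar with one ordinary name and one newline name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "docs/line1\nline2.txt"):
            data = b"sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed environment value for the demonstration.
    sample_env = {"LESSOPEN": "| /usr/bin/lesspipe %s"}
    print(triage(build_sample_archive(), env=sample_env))
```

A non-empty `newline_names` list is a reason to reject or rename the members before extraction, regardless of the LESSOPEN result.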