Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-32487HistoryApr 13, 2024 - 3:15 p.m.
CVE-2024-32487
2024-04-1315:15:52
Debian Security Bug Tracker
security-tracker.debian.org
19
cve-2024-32487
os command execution
newline character
unix
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | less | < 590-2.1~deb12u2 | less_590-2.1~deb12u2_all.deb |
| Debian | 11 | all | less | < 551-2+deb11u2 | less_551-2+deb11u2_all.deb |
| Debian | 10 | all | less | < 487-0.1+deb10u1 | less_487-0.1+deb10u1_all.deb |
| Debian | 999 | all | less | < 590-2.1 | less_590-2.1_all.deb |
| Debian | 13 | all | less | < 590-2.1 | less_590-2.1_all.deb |
Related
cve
cve
CVE-2024-32487
2024-04-13 15:15:52
mageia
mageia
Updated less packages fix security vulnerability
2024-04-19 04:16:42
openvas
openvas
Slackware: Security Advisory (SSA:2024-105-01)
2024-04-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1550-1)
2024-05-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1598-1)
2024-05-13 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-32487 affecting package less for versions less than 590-4
2024-04-30 01:31:53
CVE-2024-32487 affecting package less for versions less than 643-2
2024-05-31 18:55:08
osv
osv
CVE-2024-32487
2024-04-13 15:15:52
less vulnerability
2024-04-29 10:18:57
Important: less security update
2024-05-30 00:00:00
redhat
redhat
(RHSA-2024:3513) Important: less security update
2024-05-30 14:18:56
nvd
nvd
CVE-2024-32487
2024-04-13 15:15:52
nessus
nessus
Rocky Linux 9 : less (RLSA-2024:3513)
2024-06-14 00:00:00
SUSE SLES15 Security Update : less (SUSE-SU-2024:1534-1)
2024-05-07 00:00:00
ubuntu
ubuntu
less vulnerability
2024-04-29 00:00:00
oraclelinux
oraclelinux
less security update
2024-06-06 00:00:00
less security update
2024-05-30 00:00:00
slackware
slackware
[slackware-security] less
2024-04-14 18:39:08
veracode
veracode
OS Command Execution
2024-04-26 04:16:41
cvelist
cvelist
CVE-2024-32487
2024-04-13 00:00:00
cloudfoundry
cloudfoundry
USN-6756-1: less vulnerability | Cloud Foundry
2024-05-23 00:00:00
amazon
amazon
Important: less
2024-05-23 22:04:00
rocky
rocky
less security update
2024-06-14 14:00:33
redhatcve
redhatcve
CVE-2024-32487
2024-04-14 14:23:59
ubuntucve
ubuntucve
CVE-2024-32487
2024-04-13 00:00:00
cloudlinux
cloudlinux
less: Fix of CVE-2024-32487
2024-05-17 11:47:49
almalinux
almalinux
Important: less security update
2024-05-30 00:00:00
redos
redos
ROS-20240516-01
2024-05-16 00:00:00
debian
debian
[SECURITY] [DSA 5679-1] less security update
2024-05-03 21:12:55
[SECURITY] [DLA 3823-1] less security update
2024-05-27 19:50:55
photon
photon
Critical Photon OS Security Update - PHSA-2024-4.0-0612
2024-05-15 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0273
2024-05-15 00:00:00
Critical Photon OS Security Update - PHSA-2024-3.0-0759
2024-05-15 00:00:00