less through 653 allows OS command execution via a newline character in the
name of a file, because quoting is mishandled in filename.c. Exploitation
typically requires use with attacker-controlled file names, such as the
files extracted from an untrusted archive. Exploitation also requires the
LESSOPEN environment variable, but this is set by default in many common
cases.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | less | < 487-0.1ubuntu0.1~esm2 | UNKNOWN |
ubuntu | 20.04 | noarch | less | < 551-1ubuntu0.3 | UNKNOWN |
ubuntu | 22.04 | noarch | less | < 590-1ubuntu0.22.04.3 | UNKNOWN |
ubuntu | 23.10 | noarch | less | < 590-2ubuntu0.23.10.2 | UNKNOWN |
ubuntu | 24.04 | noarch | less | < 590-2ubuntu2.1 | UNKNOWN |
ubuntu | 14.04 | noarch | less | < 458-2ubuntu0.1~esm1 | UNKNOWN |
ubuntu | 16.04 | noarch | less | < 481-2.1ubuntu0.2+esm2 | UNKNOWN |
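
A defensive check for the two preconditions named in the summary above, written as an added example (not code from less or from this advisory): it lists tar member names that contain a newline without extracting them, walks an already-extracted tree for the same condition, and reports whether LESSOPEN is set. The function names and the sample archive are constructed for illustration.

```python
import io
import os
import tarfile


def newline_members(archive_bytes):
    """List tar member names containing a newline, without extracting anything."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        return [m.name for m in tar.getmembers() if "\n" in m.name]


def newline_paths(root):
    """Walk an already-extracted tree and return paths whose name contains a newline."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        hits += [os.path.join(dirpath, n) for n in dirnames + filenames if "\n" in n]
    return sorted(hits)


def lessopen_set(env=None):
    """True when LESSOPEN is non-empty, the second precondition in the advisory."""
    env = os.environ if env is None else env
    return bool(env.get("LESSOPEN", "").strip())


def build_sample_tar():
    """Constructed sample: one ordinary name, one name with an embedded newline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "docs/notes\nappendix.txt"):
            data = b"sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    flagged = newline_members(build_sample_tar())
    for name in flagged:
        print("newline in member name:", repr(name))
    if flagged and lessopen_set():
        print("LESSOPEN is set: do not open these files with an unpatched less")
```

Running the listing step before extraction keeps the suspicious names out of the working directory; upgrading the less package remains the actual fix.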