Lucene search
Ubuntu.comUB:CVE-2024-32487HistoryApr 13, 2024 - 12:00 a.m.
CVE-2024-32487
2024-04-1300:00:00
ubuntu.com
ubuntu.com
15
cve-2024-32487
os command execution
new line
file name
lessopen environment variable
unix
untrusted archive
less through 653 allows OS command execution via a newline character in the
name of a file, because quoting is mishandled in filename.c. Exploitation
typically requires use with attacker-controlled file names, such as the
files extracted from an untrusted archive. Exploitation also requires the
LESSOPEN environment variable, but this is set by default in many common
cases.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | less | < 487-0.1ubuntu0.1~esm2 | UNKNOWN |
| ubuntu | 20.04 | noarch | less | < 551-1ubuntu0.3 | UNKNOWN |
| ubuntu | 22.04 | noarch | less | < 590-1ubuntu0.22.04.3 | UNKNOWN |
| ubuntu | 23.10 | noarch | less | < 590-2ubuntu0.23.10.2 | UNKNOWN |
| ubuntu | 24.04 | noarch | less | < 590-2ubuntu2.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | less | < 458-2ubuntu0.1~esm1 | UNKNOWN |
| ubuntu | 16.04 | noarch | less | < 481-2.1ubuntu0.2+esm2 | UNKNOWN |
Related
slackware
slackware
[slackware-security] less
2024-04-14 18:39:08
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0139)
2024-04-19 00:00:00
Ubuntu: Security Advisory (USN-6756-1)
2024-04-30 00:00:00
Slackware: Security Advisory (SSA:2024-105-01)
2024-04-15 00:00:00
nessus
nessus
SUSE SLES15 Security Update : less (SUSE-SU-2024:1534-1)
2024-05-07 00:00:00
RHEL 9 : less (RHSA-2024:3513)
2024-05-30 00:00:00
veracode
veracode
OS Command Execution
2024-04-26 04:16:41
cvelist
cvelist
CVE-2024-32487
2024-04-13 00:00:00
cloudfoundry
cloudfoundry
USN-6756-1: less vulnerability | Cloud Foundry
2024-05-23 00:00:00
amazon
amazon
Important: less
2024-05-23 22:04:00
rocky
rocky
less security update
2024-06-14 14:00:33
debiancve
debiancve
CVE-2024-32487
2024-04-13 15:15:52
cve
cve
CVE-2024-32487
2024-04-13 15:15:52
mageia
mageia
Updated less packages fix security vulnerability
2024-04-19 04:16:42
cbl_mariner
cbl_mariner
CVE-2024-32487 affecting package less for versions less than 590-4
2024-04-30 01:31:53
CVE-2024-32487 affecting package less for versions less than 643-2
2024-05-31 18:55:08
osv
osv
CVE-2024-32487
2024-04-13 15:15:52
less vulnerability
2024-04-29 10:18:57
Important: less security update
2024-05-30 00:00:00
redhat
redhat
(RHSA-2024:3513) Important: less security update
2024-05-30 14:18:56
nvd
nvd
CVE-2024-32487
2024-04-13 15:15:52
ubuntu
ubuntu
less vulnerability
2024-04-29 00:00:00
oraclelinux
oraclelinux
less security update
2024-06-06 00:00:00
less security update
2024-05-30 00:00:00
redhatcve
redhatcve
CVE-2024-32487
2024-04-14 14:23:59
cloudlinux
cloudlinux
less: Fix of CVE-2024-32487
2024-05-17 11:47:49
almalinux
almalinux
Important: less security update
2024-05-30 00:00:00
redos
redos
ROS-20240516-01
2024-05-16 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0273
2024-05-15 00:00:00
Critical Photon OS Security Update - PHSA-2024-4.0-0612
2024-05-15 00:00:00
Critical Photon OS Security Update - PHSA-2024-3.0-0759
2024-05-15 00:00:00
debian
debian
[SECURITY] [DSA 5679-1] less security update
2024-05-03 21:12:55
[SECURITY] [DLA 3823-1] less security update
2024-05-27 19:50:55