less is vulnerable to OS command execution. The vulnerability is due to mishandling of quoting in the filename.c file within the less command-line utility, allowing attackers to execute arbitrary commands via a newline character in the name of a file.

Name | Operator | Version
---|---|---
less:sid | eq | 551-2
less:buster | eq | 487-0.1+b1

www.openwall.com/lists/oss-security/2024/04/15/1
github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33
lists.debian.org/debian-lts-announce/2024/05/msg00018.html
security-tracker.debian.org/tracker/CVE-2024-32487
security.netapp.com/advisory/ntap-20240605-0009/
www.openwall.com/lists/oss-security/2024/04/12/5
www.openwall.com/lists/oss-security/2024/04/13/2