CVE-2024-32487

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Configurations

No configuration.

History

21 Nov 2024, 09:15

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/04/15/1 - () http://www.openwall.com/lists/oss-security/2024/04/15/1 -
References () https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 - () https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 -
References () https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html - () https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html -
References () https://security.netapp.com/advisory/ntap-20240605-0009/ - () https://security.netapp.com/advisory/ntap-20240605-0009/ -
References () https://www.openwall.com/lists/oss-security/2024/04/12/5 - () https://www.openwall.com/lists/oss-security/2024/04/12/5 -
References () https://www.openwall.com/lists/oss-security/2024/04/13/2 - () https://www.openwall.com/lists/oss-security/2024/04/13/2 -

08 Jul 2024, 14:18

Type Values Removed Values Added
CWE CWE-96
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.6

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html -

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240605-0009/ -

01 May 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/04/15/1 -

15 Apr 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) less hasta 653 permite la ejecución de comandos del sistema operativo mediante un carácter de nueva línea en el nombre de un archivo, porque las comillas se manejan mal en filename.c. La explotación normalmente requiere el uso de nombres de archivos controlados por el atacante, como los archivos extraídos de un archivo que no es de confianza. La explotación también requiere la variable de entorno LESSOPEN, pero está configurada de forma predeterminada en muchos casos comunes.

13 Apr 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-13 15:15

Updated : 2024-11-21 09:15


NVD link : CVE-2024-32487

Mitre link : CVE-2024-32487

CVE.ORG link : CVE-2024-32487


JSON object : View

Products Affected

No product.

CWE
CWE-96

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')