Updated: 2024-04-30 05:04:52.820259
Description:
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | NONE | 0 |
CVSS Version 3.x | HIGH | 8.6 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | less | 590 | 8.6 | HIGH | Released | CLSA-2024:1715672446 | 2024-05-14 04:59:46 | |
CentOS 6 ELS | less | 436 | 8.6 | HIGH | Released | CLSA-2024:1715946466 | 2024-05-29 10:11:15 | |
CentOS 7 ELS | less | 458 | 8.6 | HIGH | Released | CLSA-2024:1715672666 | 2024-05-29 10:11:14 | |
CentOS 8.4 ELS | less | 530 | 8.6 | HIGH | Released | CLSA-2024:1715673429 | 2024-05-14 04:59:48 | |
CentOS 8.5 ELS | less | 530 | 8.6 | HIGH | Released | CLSA-2024:1715673596 | 2024-05-14 04:59:48 | |
CentOS Stream 8 ELS | less | 530 | 8.6 | HIGH | Already Fixed | | 2024-07-05 10:14:05 | |
CloudLinux 6 ELS | less | 436 | 8.6 | HIGH | Released | CLSA-2024:1715946717 | 2024-06-03 14:21:39 | |
Oracle Linux 6 ELS | less | 436 | 8.6 | HIGH | Released | CLSA-2024:1715946971 | 2024-05-17 10:12:18 | |
Ubuntu 16.04 ELS | less | 481 | 8.6 | HIGH | Released | CLSA-2024:1715673753 | 2024-05-14 04:59:46 | |
Ubuntu 18.04 ELS | less | 487 | 8.6 | HIGH | Released | CLSA-2024:1715947224 | 2024-05-17 10:12:16 | |