CVE-2024-32487 : less through 653 allows OS command execution via a newline character in the name

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

Published 2024-04-13 00:00:00

Updated 2024-07-08 14:18:29

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2024-32487

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2024-32487

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 25 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-32487

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.6	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	1.8	6.0	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-07-08
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2024-32487

CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2024-32487

http://www.openwall.com/lists/oss-security/2024/04/15/1

oss-security - Re: less(1) with LESSOPEN mishandles \n in paths
https://security.netapp.com/advisory/ntap-20240605-0009/

CVE-2024-32487 less Vulnerability in NetApp Products | NetApp Product Security
https://www.openwall.com/lists/oss-security/2024/04/13/2

oss-security - Re: less(1) with LESSOPEN mishandles \n in paths
https://www.openwall.com/lists/oss-security/2024/04/12/5

oss-security - less(1) with LESSOPEN mishandles \n in paths
https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33

Fix bug when viewing a file whose name contains a newline. · gwsw/less@007521a · GitHub
https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html

[SECURITY] [DLA 3823-1] less security update

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2024-32487

Products affected by CVE-2024-32487

Exploit prediction scoring system (EPSS) score for CVE-2024-32487

CVSS scores for CVE-2024-32487

CWE ids for CVE-2024-32487

References for CVE-2024-32487