Description
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
References (6)
Core 6
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240605-0009/
Mailing List, Patch
https://www.openwall.com/lists/oss-security/2024/04/13/2
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2024/04/15/1
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html
Scores
CVSS v3
8.6
EPSS
0.0033
EPSS Percentile
55.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-96
Status
published
Products (5)
debian/debian_linux
10.0
greenwoodsoftware/less
< 653
netapp/bootstrap_os
netapp/hci_storage_nodes
netapp/solidfire
Published
Apr 13, 2024
Tracked Since
Feb 18, 2026