{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-32487", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T02:13:39.027Z", "dateReserved": "2024-04-13T00:00:00", "datePublished": "2024-04-13T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-10T17:11:52.179329"}, "descriptions": [{"lang": "en", "value": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"}, {"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"}, {"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"}, {"name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"}, {"name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-96", "lang": "en", "description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')"}]}], "affected": [{"vendor": "netapp", "product": "less", "cpes": ["cpe:2.3:a:netapp:less:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "653", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-17T18:38:36.239380Z", "id": "CVE-2024-32487", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T16:31:29.695Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:39.027Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5", "tags": ["x_transferred"]}, {"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33", "tags": ["x_transferred"]}, {"name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0009/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5", "tags": ["x_transferred"]}, {"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1", "name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0009/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html", "name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:39.027Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-32487", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-17T18:38:36.239380Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:netapp:less:*:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "less", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "653"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-96", "description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T16:31:22.513Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"}, {"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"}, {"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1", "name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths", "tags": ["mailing-list"]}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html", "name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-10T17:11:52.179329"}}}, "cveMetadata": {"cveId": "CVE-2024-32487", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:13:39.027Z", "dateReserved": "2024-04-13T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-04-13T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases."}, {"lang": "es", "value": "less hasta 653 permite la ejecuci\u00f3n de comandos del sistema operativo mediante un car\u00e1cter de nueva l\u00ednea en el nombre de un archivo, porque las comillas se manejan mal en filename.c. La explotaci\u00f3n normalmente requiere el uso de nombres de archivos controlados por el atacante, como los archivos extra\u00eddos de un archivo que no es de confianza. La explotaci\u00f3n tambi\u00e9n requiere la variable de entorno LESSOPEN, pero est\u00e1 configurada de forma predeterminada en muchos casos comunes."}], "id": "CVE-2024-32487", "lastModified": "2024-07-08T14:18:29.363", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-13T15:15:52.683", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"}, {"source": "cve@mitre.org", "url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20240605-0009/"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-96"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3669", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "less-0:458-10.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-06-06T00:00:00Z"}, {"advisory": "RHSA-2024:4256", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "less-0:530-3.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:4366", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "less-0:530-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4416", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "less-0:530-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4416", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "less-0:530-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4416", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "less-0:530-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4418", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "less-0:530-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4418", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "less-0:530-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4418", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "less-0:530-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4369", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "less-0:530-3.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:3513", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "less-0:590-4.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-30T00:00:00Z"}, {"advisory": "RHSA-2024:4528", "cpe": "cpe:/o:redhat:rhel_e4s:9.0", "package": "less-0:590-2.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-07-15T00:00:00Z"}, {"advisory": "RHSA-2024:4529", "cpe": "cpe:/o:redhat:rhel_eus:9.2", "package": "less-0:590-3.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-15T00:00:00Z"}], "bugzilla": {"description": "less: OS command injection", "id": "2274980", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-78", "details": ["less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-32487", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "less", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2024-04-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-32487\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-32487\nhttps://www.openwall.com/lists/oss-security/2024/04/12/5\nhttps://www.openwall.com/lists/oss-security/2024/04/13/2"], "statement": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.", "threat_severity": "Important"}