Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-32487 (GCVE-0-2024-32487)
Vulnerability from cvelistv5 – Published: 2024-04-13 00:00 – Updated: 2024-08-02 02:13
VLAI?
EPSS
Summary
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Severity ?
8.6 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netapp:less:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "less",
"vendor": "netapp",
"versions": [
{
"lessThanOrEqual": "653",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-32487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T18:38:36.239380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T16:31:29.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:11:52.179329",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-32487",
"datePublished": "2024-04-13T00:00:00",
"dateReserved": "2024-04-13T00:00:00",
"dateUpdated": "2024-08-02T02:13:39.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.\"}, {\"lang\": \"es\", \"value\": \"less hasta 653 permite la ejecuci\\u00f3n de comandos del sistema operativo mediante un car\\u00e1cter de nueva l\\u00ednea en el nombre de un archivo, porque las comillas se manejan mal en filename.c. La explotaci\\u00f3n normalmente requiere el uso de nombres de archivos controlados por el atacante, como los archivos extra\\u00eddos de un archivo que no es de confianza. La explotaci\\u00f3n tambi\\u00e9n requiere la variable de entorno LESSOPEN, pero est\\u00e1 configurada de forma predeterminada en muchos casos comunes.\"}]",
"id": "CVE-2024-32487",
"lastModified": "2024-11-21T09:15:00.647",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 6.0}]}",
"published": "2024-04-13T15:15:52.683",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/15/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240605-0009/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/04/12/5\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/04/13/2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/15/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240605-0009/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/04/12/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/04/13/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-96\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-32487\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-04-13T15:15:52.683\",\"lastModified\":\"2025-06-17T20:58:12.907\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.\"},{\"lang\":\"es\",\"value\":\"less hasta 653 permite la ejecuci\u00f3n de comandos del sistema operativo mediante un car\u00e1cter de nueva l\u00ednea en el nombre de un archivo, porque las comillas se manejan mal en filename.c. La explotaci\u00f3n normalmente requiere el uso de nombres de archivos controlados por el atacante, como los archivos extra\u00eddos de un archivo que no es de confianza. La explotaci\u00f3n tambi\u00e9n requiere la variable de entorno LESSOPEN, pero est\u00e1 configurada de forma predeterminada en muchos casos comunes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-96\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:greenwoodsoftware:less:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"653\",\"matchCriteriaId\":\"7BC0C9A4-FF76-4EE4-844F-98D13A41D3BA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7447BC-F315-4298-A822-549942FC118B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"855D6A52-F96F-4CA0-A59C-4D42173F22E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/15/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240605-0009/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/04/12/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/04/13/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/15/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240605-0009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/04/12/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/04/13/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.openwall.com/lists/oss-security/2024/04/13/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/04/12/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/15/1\", \"name\": \"[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\\\n in paths\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240605-0009/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html\", \"name\": \"[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:13:39.027Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-32487\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-17T18:38:36.239380Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:netapp:less:*:*:*:*:*:*:*:*\"], \"vendor\": \"netapp\", \"product\": \"less\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"653\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-96\", \"description\": \"CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-03T16:31:22.513Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.openwall.com/lists/oss-security/2024/04/13/2\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/04/12/5\"}, {\"url\": \"https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/15/1\", \"name\": \"[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\\\n in paths\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240605-0009/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html\", \"name\": \"[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-06-10T17:11:52.179329\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-32487\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T02:13:39.027Z\", \"dateReserved\": \"2024-04-13T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-04-13T00:00:00\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0646
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Storage Protect | Storage Protect Plus Server versions 10.1.x antérieures à 10.1.16.2 | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions antérieures à 24.0.0.5 | ||
| IBM | VIOS | VIOS version 4.1 avec un fichier openssl.base versions antérieures à 3.0.13.1000 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.x antérieures à 8.5.5.25 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 avec un fichier openssl.base versions antérieures à 1.1.1.2400 ou 3.0.13.1000 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x antérieures à 9.0.5.20 | ||
| IBM | N/A | Sterling Control Center versions 6.3.0 antérieures à 6.3.0.0 iFix06 | ||
| IBM | N/A | Sterling Control Center versions 6.2.1 antérieures à 6.2.1.0 iFix13 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 avec un fichier openssl.base versions antérieures à 1.1.1.2400 ou 3.0.13.1000 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.0.x antérieures à 7.5.0 UP9 IF01 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Storage Protect Plus Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.16.2",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 24.0.0.5 ",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 3.0.13.1000",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.25",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 1.1.1.2400 ou 3.0.13.1000",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.0 ant\u00e9rieures \u00e0 6.3.0.0 iFix06",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.2.1 ant\u00e9rieures \u00e0 6.2.1.0 iFix13",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 1.1.1.2400 ou 3.0.13.1000",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0 UP9 IF01",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2024-27059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2021-47055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
},
{
"name": "CVE-2024-35154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35154"
},
{
"name": "CVE-2020-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-25744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2021-47185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2024-23650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2024-26964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2019-25162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2024-3652",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2024-32021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2024-27048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
},
{
"name": "CVE-2021-47013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2023-39320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39320"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2021-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2024-32004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
},
{
"name": "CVE-2021-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2023-51767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51767"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-32020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2019-20372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"name": "CVE-2024-27056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2021-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2357"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-26919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2024-1394",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1394"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2024-27014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2024-32465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2024-26892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
},
{
"name": "CVE-2023-52578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2021-46934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2024-26933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
},
{
"name": "CVE-2023-46604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2023-52513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
},
{
"name": "CVE-2023-52610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
},
{
"name": "CVE-2022-48669",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
},
{
"name": "CVE-2023-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
},
{
"name": "CVE-2023-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
},
{
"name": "CVE-2024-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2018-25091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25091"
},
{
"name": "CVE-2023-6931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0646",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161679",
"url": "https://www.ibm.com/support/pages/node/7161679"
},
{
"published_at": "2024-07-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161667",
"url": "https://www.ibm.com/support/pages/node/7161667"
},
{
"published_at": "2024-07-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161954",
"url": "https://www.ibm.com/support/pages/node/7161954"
},
{
"published_at": "2024-07-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7162032",
"url": "https://www.ibm.com/support/pages/node/7162032"
},
{
"published_at": "2024-07-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160144",
"url": "https://www.ibm.com/support/pages/node/7160144"
},
{
"published_at": "2024-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7162077",
"url": "https://www.ibm.com/support/pages/node/7162077"
}
]
}
CERTFR-2024-AVI-0741
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Secure Analytics. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions antérieures à 7.5.0 UP9 IF02 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP9 IF02",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2024-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
},
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2023-52675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
},
{
"name": "CVE-2023-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4692"
},
{
"name": "CVE-2024-27059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
},
{
"name": "CVE-2024-26656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-26974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2021-47055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
},
{
"name": "CVE-2020-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
},
{
"name": "CVE-2023-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43788"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-25744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2023-52878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
},
{
"name": "CVE-2021-47185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
},
{
"name": "CVE-2024-23650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2024-26964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2019-25162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2023-52669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2022-3287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3287"
},
{
"name": "CVE-2024-36004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-35959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2024-3652",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2023-45802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
},
{
"name": "CVE-2021-47311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-32021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2024-27048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
},
{
"name": "CVE-2021-47013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
},
{
"name": "CVE-2023-52781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-47073",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2021-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2023-52686",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
},
{
"name": "CVE-2021-47236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2024-32004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
},
{
"name": "CVE-2021-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
},
{
"name": "CVE-2024-35890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-52877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-32020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"name": "CVE-2024-26826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
},
{
"name": "CVE-2024-27056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2021-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
},
{
"name": "CVE-2024-35888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
},
{
"name": "CVE-2023-52700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
},
{
"name": "CVE-2023-31122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2019-14865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14865"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2357"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-26919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-3019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3019"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2024-27014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2024-32465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-43789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43789"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-26892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2023-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4693"
},
{
"name": "CVE-2021-46972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
},
{
"name": "CVE-2023-52578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2021-46934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
},
{
"name": "CVE-2024-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1048"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2023-52667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
},
{
"name": "CVE-2024-26933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-52703",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2024-26759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
},
{
"name": "CVE-2023-52464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
},
{
"name": "CVE-2023-52813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
},
{
"name": "CVE-2024-35838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
},
{
"name": "CVE-2023-52513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2023-52610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
},
{
"name": "CVE-2023-52560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2021-47069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
},
{
"name": "CVE-2024-35960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
},
{
"name": "CVE-2022-39253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2023-52835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
},
{
"name": "CVE-2024-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
},
{
"name": "CVE-2021-47310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
},
{
"name": "CVE-2023-52626",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2021-47456",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2024-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
},
{
"name": "CVE-2022-48669",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
},
{
"name": "CVE-2023-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
},
{
"name": "CVE-2023-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
},
{
"name": "CVE-2021-47356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
},
{
"name": "CVE-2024-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2021-47353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2018-25091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25091"
},
{
"name": "CVE-2023-5090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2021-46909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
},
{
"name": "CVE-2024-35853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0741",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-05T00:00:00.000000"
},
{
"description": "Ajout r\u00e9f\u00e9rence \u00e9diteur",
"revision_date": "2024-09-06T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Secure Analytics. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
"vendor_advisories": [
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA86686",
"url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP9-IF02"
}
]
}
CERTFR-2024-AVI-0646
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Storage Protect | Storage Protect Plus Server versions 10.1.x antérieures à 10.1.16.2 | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions antérieures à 24.0.0.5 | ||
| IBM | VIOS | VIOS version 4.1 avec un fichier openssl.base versions antérieures à 3.0.13.1000 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.x antérieures à 8.5.5.25 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 avec un fichier openssl.base versions antérieures à 1.1.1.2400 ou 3.0.13.1000 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x antérieures à 9.0.5.20 | ||
| IBM | N/A | Sterling Control Center versions 6.3.0 antérieures à 6.3.0.0 iFix06 | ||
| IBM | N/A | Sterling Control Center versions 6.2.1 antérieures à 6.2.1.0 iFix13 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 avec un fichier openssl.base versions antérieures à 1.1.1.2400 ou 3.0.13.1000 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.0.x antérieures à 7.5.0 UP9 IF01 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Storage Protect Plus Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.16.2",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 24.0.0.5 ",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 3.0.13.1000",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.25",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 1.1.1.2400 ou 3.0.13.1000",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.0 ant\u00e9rieures \u00e0 6.3.0.0 iFix06",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.2.1 ant\u00e9rieures \u00e0 6.2.1.0 iFix13",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 1.1.1.2400 ou 3.0.13.1000",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0 UP9 IF01",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2024-27059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2021-47055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
},
{
"name": "CVE-2024-35154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35154"
},
{
"name": "CVE-2020-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-25744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2021-47185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2024-23650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2024-26964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2019-25162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2024-3652",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2024-32021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2024-27048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
},
{
"name": "CVE-2021-47013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2023-39320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39320"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2021-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2024-32004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
},
{
"name": "CVE-2021-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2023-51767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51767"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-32020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2019-20372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"name": "CVE-2024-27056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2021-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2357"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-26919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2024-1394",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1394"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2024-27014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2024-32465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2024-26892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
},
{
"name": "CVE-2023-52578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2021-46934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2024-26933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
},
{
"name": "CVE-2023-46604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2023-52513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
},
{
"name": "CVE-2023-52610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
},
{
"name": "CVE-2022-48669",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
},
{
"name": "CVE-2023-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
},
{
"name": "CVE-2023-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
},
{
"name": "CVE-2024-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2018-25091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25091"
},
{
"name": "CVE-2023-6931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0646",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161679",
"url": "https://www.ibm.com/support/pages/node/7161679"
},
{
"published_at": "2024-07-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161667",
"url": "https://www.ibm.com/support/pages/node/7161667"
},
{
"published_at": "2024-07-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161954",
"url": "https://www.ibm.com/support/pages/node/7161954"
},
{
"published_at": "2024-07-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7162032",
"url": "https://www.ibm.com/support/pages/node/7162032"
},
{
"published_at": "2024-07-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160144",
"url": "https://www.ibm.com/support/pages/node/7160144"
},
{
"published_at": "2024-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7162077",
"url": "https://www.ibm.com/support/pages/node/7162077"
}
]
}
CERTFR-2024-AVI-0741
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Secure Analytics. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions antérieures à 7.5.0 UP9 IF02 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP9 IF02",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2024-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
},
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2023-52675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
},
{
"name": "CVE-2023-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4692"
},
{
"name": "CVE-2024-27059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
},
{
"name": "CVE-2024-26656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-26974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2021-47055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
},
{
"name": "CVE-2020-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
},
{
"name": "CVE-2023-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43788"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-25744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2023-52878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
},
{
"name": "CVE-2021-47185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
},
{
"name": "CVE-2024-23650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2024-26964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2019-25162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2023-52669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2022-3287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3287"
},
{
"name": "CVE-2024-36004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-35959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2024-3652",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2023-45802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
},
{
"name": "CVE-2021-47311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-32021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2024-27048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
},
{
"name": "CVE-2021-47013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
},
{
"name": "CVE-2023-52781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-47073",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2021-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2023-52686",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
},
{
"name": "CVE-2021-47236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2024-32004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
},
{
"name": "CVE-2021-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
},
{
"name": "CVE-2024-35890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-52877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-32020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"name": "CVE-2024-26826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
},
{
"name": "CVE-2024-27056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2021-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
},
{
"name": "CVE-2024-35888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
},
{
"name": "CVE-2023-52700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
},
{
"name": "CVE-2023-31122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2019-14865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14865"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2357"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-26919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-3019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3019"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2024-27014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2024-32465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-43789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43789"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-26892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2023-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4693"
},
{
"name": "CVE-2021-46972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
},
{
"name": "CVE-2023-52578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2021-46934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
},
{
"name": "CVE-2024-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1048"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2023-52667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
},
{
"name": "CVE-2024-26933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-52703",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2024-26759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
},
{
"name": "CVE-2023-52464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
},
{
"name": "CVE-2023-52813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
},
{
"name": "CVE-2024-35838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
},
{
"name": "CVE-2023-52513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2023-52610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
},
{
"name": "CVE-2023-52560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2021-47069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
},
{
"name": "CVE-2024-35960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
},
{
"name": "CVE-2022-39253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2023-52835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
},
{
"name": "CVE-2024-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
},
{
"name": "CVE-2021-47310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
},
{
"name": "CVE-2023-52626",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2021-47456",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2024-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
},
{
"name": "CVE-2022-48669",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
},
{
"name": "CVE-2023-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
},
{
"name": "CVE-2023-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
},
{
"name": "CVE-2021-47356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
},
{
"name": "CVE-2024-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2021-47353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2018-25091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25091"
},
{
"name": "CVE-2023-5090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2021-46909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
},
{
"name": "CVE-2024-35853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0741",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-05T00:00:00.000000"
},
{
"description": "Ajout r\u00e9f\u00e9rence \u00e9diteur",
"revision_date": "2024-09-06T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Secure Analytics. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
"vendor_advisories": [
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA86686",
"url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP9-IF02"
}
]
}
CERTFR-2024-AVI-0903
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | WebSphere Application Server Liberty versions 20.0.12 à 24.0.0.10 sans le correctif de sécurité PH63533 ou antérieures à 24.0.0.11 (disponibilité prévue pour le dernier trimestre 2024) | ||
| IBM | N/A | QRadar Incident Forensics versions 7.5.x antérieures à 7.5.0 UP10 | ||
| IBM | N/A | Storage Protect Server versions 8.1.x antérieures à 8.1.24 | ||
| IBM | N/A | Robotic Process Automation pour Cloud Pak versions 23.0.x antérieures à 23.0.18 | ||
| IBM | N/A | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP10 | ||
| IBM | N/A | Robotic Process Automation versions 21.0..0.x antérieures à 21.0.7.18 | ||
| IBM | N/A | Robotic Process Automation versions 23.0.x antérieures à 23.0.18 | ||
| IBM | N/A | Robotic Process Automation pour Cloud Pak versions 21.0.0.x antérieures à 21.0.7.18 | ||
| IBM | N/A | QRadar Network Capture versions 7.5.x antérieures à 7.5.0 Update Package 10 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Application Server Liberty versions 20.0.12 \u00e0 24.0.0.10 sans le correctif de s\u00e9curit\u00e9 PH63533 ou ant\u00e9rieures \u00e0 24.0.0.11 (disponibilit\u00e9 pr\u00e9vue pour le dernier trimestre 2024)",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Storage Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.24",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Robotic Process Automation pour Cloud Pak versions 23.0.x ant\u00e9rieures \u00e0 23.0.18",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Robotic Process Automation versions 21.0..0.x ant\u00e9rieures \u00e0 21.0.7.18",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Robotic Process Automation versions 23.0.x ant\u00e9rieures \u00e0 23.0.18",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Robotic Process Automation pour Cloud Pak versions 21.0.0.x ant\u00e9rieures \u00e0 21.0.7.18",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Network Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Package 10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2023-37536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
},
{
"name": "CVE-2023-52675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
},
{
"name": "CVE-2024-26656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-26974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
},
{
"name": "CVE-2022-48468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
},
{
"name": "CVE-2023-20592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20592"
},
{
"name": "CVE-2018-1311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1311"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2020-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25219"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2023-52878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2021-42771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
},
{
"name": "CVE-2023-52669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
},
{
"name": "CVE-2024-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
},
{
"name": "CVE-2024-36004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2022-38725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38725"
},
{
"name": "CVE-2024-35959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-31880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
},
{
"name": "CVE-2021-47311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
},
{
"name": "CVE-2024-28762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
},
{
"name": "CVE-2021-45429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45429"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2020-7212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7212"
},
{
"name": "CVE-2023-52781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-47073",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-28786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28786"
},
{
"name": "CVE-2023-52686",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
},
{
"name": "CVE-2021-47236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
},
{
"name": "CVE-2024-35890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-52877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2023-6349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"name": "CVE-2024-26826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-35888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2023-52700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2023-31346",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31346"
},
{
"name": "CVE-2024-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5197"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2021-46972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2023-29267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
},
{
"name": "CVE-2023-52667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
},
{
"name": "CVE-2023-52703",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2024-26759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
},
{
"name": "CVE-2023-52464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
},
{
"name": "CVE-2023-52813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
},
{
"name": "CVE-2024-35838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2023-52560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2021-47069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
},
{
"name": "CVE-2020-26154",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26154"
},
{
"name": "CVE-2024-35960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2023-52835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
},
{
"name": "CVE-2021-47310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
},
{
"name": "CVE-2023-52626",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2021-47456",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
},
{
"name": "CVE-2024-28752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28752"
},
{
"name": "CVE-2021-47356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2021-47353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"name": "CVE-2023-5090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2021-46909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
},
{
"name": "CVE-2024-35853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0903",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173421",
"url": "https://www.ibm.com/support/pages/node/7173421"
},
{
"published_at": "2024-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173043",
"url": "https://www.ibm.com/support/pages/node/7173043"
},
{
"published_at": "2024-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173420",
"url": "https://www.ibm.com/support/pages/node/7173420"
},
{
"published_at": "2024-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173226",
"url": "https://www.ibm.com/support/pages/node/7173226"
},
{
"published_at": "2024-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173224",
"url": "https://www.ibm.com/support/pages/node/7173224"
},
{
"published_at": "2024-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173097",
"url": "https://www.ibm.com/support/pages/node/7173097"
}
]
}
CERTFR-2024-AVI-0903
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | WebSphere Application Server Liberty versions 20.0.12 à 24.0.0.10 sans le correctif de sécurité PH63533 ou antérieures à 24.0.0.11 (disponibilité prévue pour le dernier trimestre 2024) | ||
| IBM | N/A | QRadar Incident Forensics versions 7.5.x antérieures à 7.5.0 UP10 | ||
| IBM | N/A | Storage Protect Server versions 8.1.x antérieures à 8.1.24 | ||
| IBM | N/A | Robotic Process Automation pour Cloud Pak versions 23.0.x antérieures à 23.0.18 | ||
| IBM | N/A | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP10 | ||
| IBM | N/A | Robotic Process Automation versions 21.0..0.x antérieures à 21.0.7.18 | ||
| IBM | N/A | Robotic Process Automation versions 23.0.x antérieures à 23.0.18 | ||
| IBM | N/A | Robotic Process Automation pour Cloud Pak versions 21.0.0.x antérieures à 21.0.7.18 | ||
| IBM | N/A | QRadar Network Capture versions 7.5.x antérieures à 7.5.0 Update Package 10 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Application Server Liberty versions 20.0.12 \u00e0 24.0.0.10 sans le correctif de s\u00e9curit\u00e9 PH63533 ou ant\u00e9rieures \u00e0 24.0.0.11 (disponibilit\u00e9 pr\u00e9vue pour le dernier trimestre 2024)",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Storage Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.24",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Robotic Process Automation pour Cloud Pak versions 23.0.x ant\u00e9rieures \u00e0 23.0.18",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Robotic Process Automation versions 21.0..0.x ant\u00e9rieures \u00e0 21.0.7.18",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Robotic Process Automation versions 23.0.x ant\u00e9rieures \u00e0 23.0.18",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Robotic Process Automation pour Cloud Pak versions 21.0.0.x ant\u00e9rieures \u00e0 21.0.7.18",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Network Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Package 10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2023-37536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
},
{
"name": "CVE-2023-52675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
},
{
"name": "CVE-2024-26656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-26974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
},
{
"name": "CVE-2022-48468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
},
{
"name": "CVE-2023-20592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20592"
},
{
"name": "CVE-2018-1311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1311"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2020-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25219"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2023-52878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2021-42771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
},
{
"name": "CVE-2023-52669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
},
{
"name": "CVE-2024-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
},
{
"name": "CVE-2024-36004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2022-38725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38725"
},
{
"name": "CVE-2024-35959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-31880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
},
{
"name": "CVE-2021-47311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
},
{
"name": "CVE-2024-28762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
},
{
"name": "CVE-2021-45429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45429"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2020-7212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7212"
},
{
"name": "CVE-2023-52781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-47073",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-28786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28786"
},
{
"name": "CVE-2023-52686",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
},
{
"name": "CVE-2021-47236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
},
{
"name": "CVE-2024-35890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-52877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2023-6349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"name": "CVE-2024-26826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-35888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2023-52700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2023-31346",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31346"
},
{
"name": "CVE-2024-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5197"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2021-46972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2023-29267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
},
{
"name": "CVE-2023-52667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
},
{
"name": "CVE-2023-52703",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2024-26759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
},
{
"name": "CVE-2023-52464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
},
{
"name": "CVE-2023-52813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
},
{
"name": "CVE-2024-35838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2023-52560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2021-47069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
},
{
"name": "CVE-2020-26154",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26154"
},
{
"name": "CVE-2024-35960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2023-52835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
},
{
"name": "CVE-2021-47310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
},
{
"name": "CVE-2023-52626",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2021-47456",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
},
{
"name": "CVE-2024-28752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28752"
},
{
"name": "CVE-2021-47356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2021-47353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"name": "CVE-2023-5090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2021-46909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
},
{
"name": "CVE-2024-35853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0903",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173421",
"url": "https://www.ibm.com/support/pages/node/7173421"
},
{
"published_at": "2024-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173043",
"url": "https://www.ibm.com/support/pages/node/7173043"
},
{
"published_at": "2024-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173420",
"url": "https://www.ibm.com/support/pages/node/7173420"
},
{
"published_at": "2024-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173226",
"url": "https://www.ibm.com/support/pages/node/7173226"
},
{
"published_at": "2024-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173224",
"url": "https://www.ibm.com/support/pages/node/7173224"
},
{
"published_at": "2024-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173097",
"url": "https://www.ibm.com/support/pages/node/7173097"
}
]
}
FKIE_CVE-2024-32487
Vulnerability from fkie_nvd - Published: 2024-04-13 15:15 - Updated: 2025-06-17 20:58
Severity ?
Summary
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2024/04/15/1 | Mailing List | |
| cve@mitre.org | https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 | Patch | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html | Mailing List | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20240605-0009/ | Vendor Advisory | |
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2024/04/12/5 | Mailing List | |
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2024/04/13/2 | Mailing List, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/04/15/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240605-0009/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2024/04/12/5 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2024/04/13/2 | Mailing List, Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| greenwoodsoftware | less | * | |
| debian | debian_linux | 10.0 | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_nodes | - | |
| netapp | solidfire | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:greenwoodsoftware:less:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC0C9A4-FF76-4EE4-844F-98D13A41D3BA",
"versionEndIncluding": "653",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855D6A52-F96F-4CA0-A59C-4D42173F22E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases."
},
{
"lang": "es",
"value": "less hasta 653 permite la ejecuci\u00f3n de comandos del sistema operativo mediante un car\u00e1cter de nueva l\u00ednea en el nombre de un archivo, porque las comillas se manejan mal en filename.c. La explotaci\u00f3n normalmente requiere el uso de nombres de archivos controlados por el atacante, como los archivos extra\u00eddos de un archivo que no es de confianza. La explotaci\u00f3n tambi\u00e9n requiere la variable de entorno LESSOPEN, pero est\u00e1 configurada de forma predeterminada en muchos casos comunes."
}
],
"id": "CVE-2024-32487",
"lastModified": "2025-06-17T20:58:12.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-13T15:15:52.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-96"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
SUSE-SU-2024:1598-1
Vulnerability from csaf_suse - Published: 2024-05-10 09:50 - Updated: 2024-05-10 09:50Summary
Security update for less
Notes
Title of the patch
Security update for less
Description of the patch
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
Patchnames
SUSE-2024-1598,SUSE-SLE-Micro-5.3-2024-1598,SUSE-SLE-Micro-5.4-2024-1598,SUSE-SLE-Micro-5.5-2024-1598,SUSE-SLE-Module-Basesystem-15-SP5-2024-1598,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1598,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1598,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1598,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1598,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1598,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1598,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1598,openSUSE-Leap-Micro-5.3-2024-1598,openSUSE-Leap-Micro-5.4-2024-1598,openSUSE-SLE-15.5-2024-1598
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for less",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for less fixes the following issues:\n\n- CVE-2024-32487: Fixed mishandling of \\n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1598,SUSE-SLE-Micro-5.3-2024-1598,SUSE-SLE-Micro-5.4-2024-1598,SUSE-SLE-Micro-5.5-2024-1598,SUSE-SLE-Module-Basesystem-15-SP5-2024-1598,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1598,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1598,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1598,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1598,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1598,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1598,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1598,openSUSE-Leap-Micro-5.3-2024-1598,openSUSE-Leap-Micro-5.4-2024-1598,openSUSE-SLE-15.5-2024-1598",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1598-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1598-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241598-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1598-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-May/035227.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222849",
"url": "https://bugzilla.suse.com/1222849"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32487 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32487/"
}
],
"title": "Security update for less",
"tracking": {
"current_release_date": "2024-05-10T09:50:38Z",
"generator": {
"date": "2024-05-10T09:50:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1598-1",
"initial_release_date": "2024-05-10T09:50:38Z",
"revision_history": [
{
"date": "2024-05-10T09:50:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "less-590-150400.3.9.1.aarch64",
"product": {
"name": "less-590-150400.3.9.1.aarch64",
"product_id": "less-590-150400.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-590-150400.3.9.1.i586",
"product": {
"name": "less-590-150400.3.9.1.i586",
"product_id": "less-590-150400.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "less-590-150400.3.9.1.ppc64le",
"product": {
"name": "less-590-150400.3.9.1.ppc64le",
"product_id": "less-590-150400.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-590-150400.3.9.1.s390x",
"product": {
"name": "less-590-150400.3.9.1.s390x",
"product_id": "less-590-150400.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "less-590-150400.3.9.1.x86_64",
"product": {
"name": "less-590-150400.3.9.1.x86_64",
"product_id": "less-590-150400.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.4",
"product": {
"name": "openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.aarch64"
},
"product_reference": "less-590-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.s390x"
},
"product_reference": "less-590-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.aarch64"
},
"product_reference": "less-590-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.s390x"
},
"product_reference": "less-590-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.aarch64"
},
"product_reference": "less-590-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.ppc64le"
},
"product_reference": "less-590-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.s390x"
},
"product_reference": "less-590-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.aarch64"
},
"product_reference": "less-590-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.ppc64le"
},
"product_reference": "less-590-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.s390x"
},
"product_reference": "less-590-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:less-590-150400.3.9.1.aarch64"
},
"product_reference": "less-590-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:less-590-150400.3.9.1.aarch64"
},
"product_reference": "less-590-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.aarch64"
},
"product_reference": "less-590-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.ppc64le"
},
"product_reference": "less-590-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.s390x"
},
"product_reference": "less-590-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:less-590-150400.3.9.1.ppc64le"
},
"product_reference": "less-590-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:less-590-150400.3.9.1.ppc64le"
},
"product_reference": "less-590-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:less-590-150400.3.9.1.s390x"
},
"product_reference": "less-590-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.aarch64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:less-590-150400.3.9.1.aarch64"
},
"product_reference": "less-590-150400.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.aarch64 as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:less-590-150400.3.9.1.aarch64"
},
"product_reference": "less-590-150400.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.s390x as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:less-590-150400.3.9.1.s390x"
},
"product_reference": "less-590-150400.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:less-590-150400.3.9.1.aarch64"
},
"product_reference": "less-590-150400.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:less-590-150400.3.9.1.ppc64le"
},
"product_reference": "less-590-150400.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:less-590-150400.3.9.1.s390x"
},
"product_reference": "less-590-150400.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32487"
}
],
"notes": [
{
"category": "general",
"text": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:less-590-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:less-590-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:less-590-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:less-590-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:less-590-150400.3.9.1.x86_64",
"openSUSE Leap 15.5:less-590-150400.3.9.1.aarch64",
"openSUSE Leap 15.5:less-590-150400.3.9.1.ppc64le",
"openSUSE Leap 15.5:less-590-150400.3.9.1.s390x",
"openSUSE Leap 15.5:less-590-150400.3.9.1.x86_64",
"openSUSE Leap Micro 5.3:less-590-150400.3.9.1.aarch64",
"openSUSE Leap Micro 5.3:less-590-150400.3.9.1.x86_64",
"openSUSE Leap Micro 5.4:less-590-150400.3.9.1.aarch64",
"openSUSE Leap Micro 5.4:less-590-150400.3.9.1.s390x",
"openSUSE Leap Micro 5.4:less-590-150400.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32487",
"url": "https://www.suse.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "SUSE Bug 1222849 for CVE-2024-32487",
"url": "https://bugzilla.suse.com/1222849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:less-590-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:less-590-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:less-590-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:less-590-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:less-590-150400.3.9.1.x86_64",
"openSUSE Leap 15.5:less-590-150400.3.9.1.aarch64",
"openSUSE Leap 15.5:less-590-150400.3.9.1.ppc64le",
"openSUSE Leap 15.5:less-590-150400.3.9.1.s390x",
"openSUSE Leap 15.5:less-590-150400.3.9.1.x86_64",
"openSUSE Leap Micro 5.3:less-590-150400.3.9.1.aarch64",
"openSUSE Leap Micro 5.3:less-590-150400.3.9.1.x86_64",
"openSUSE Leap Micro 5.4:less-590-150400.3.9.1.aarch64",
"openSUSE Leap Micro 5.4:less-590-150400.3.9.1.s390x",
"openSUSE Leap Micro 5.4:less-590-150400.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:less-590-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:less-590-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:less-590-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:less-590-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:less-590-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:less-590-150400.3.9.1.x86_64",
"openSUSE Leap 15.5:less-590-150400.3.9.1.aarch64",
"openSUSE Leap 15.5:less-590-150400.3.9.1.ppc64le",
"openSUSE Leap 15.5:less-590-150400.3.9.1.s390x",
"openSUSE Leap 15.5:less-590-150400.3.9.1.x86_64",
"openSUSE Leap Micro 5.3:less-590-150400.3.9.1.aarch64",
"openSUSE Leap Micro 5.3:less-590-150400.3.9.1.x86_64",
"openSUSE Leap Micro 5.4:less-590-150400.3.9.1.aarch64",
"openSUSE Leap Micro 5.4:less-590-150400.3.9.1.s390x",
"openSUSE Leap Micro 5.4:less-590-150400.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-10T09:50:38Z",
"details": "important"
}
],
"title": "CVE-2024-32487"
}
]
}
SUSE-SU-2025:20007-1
Vulnerability from csaf_suse - Published: 2025-02-03 08:47 - Updated: 2025-02-03 08:47Summary
Security update for less
Notes
Title of the patch
Security update for less
Description of the patch
This update for less fixes the following issues:
- CVE-2024-32487: Fix a bug where mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
Patchnames
SUSE-SLE-Micro-6.0-7
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for less",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for less fixes the following issues:\n\n- CVE-2024-32487: Fix a bug where mishandling of \\n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-7",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20007-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20007-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520007-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20007-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021387.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222849",
"url": "https://bugzilla.suse.com/1222849"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32487 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32487/"
}
],
"title": "Security update for less",
"tracking": {
"current_release_date": "2025-02-03T08:47:04Z",
"generator": {
"date": "2025-02-03T08:47:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20007-1",
"initial_release_date": "2025-02-03T08:47:04Z",
"revision_history": [
{
"date": "2025-02-03T08:47:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "less-633-3.1.aarch64",
"product": {
"name": "less-633-3.1.aarch64",
"product_id": "less-633-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-633-3.1.s390x",
"product": {
"name": "less-633-3.1.s390x",
"product_id": "less-633-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "less-633-3.1.x86_64",
"product": {
"name": "less-633-3.1.x86_64",
"product_id": "less-633-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-633-3.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:less-633-3.1.aarch64"
},
"product_reference": "less-633-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-633-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:less-633-3.1.s390x"
},
"product_reference": "less-633-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-633-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:less-633-3.1.x86_64"
},
"product_reference": "less-633-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32487"
}
],
"notes": [
{
"category": "general",
"text": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:less-633-3.1.aarch64",
"SUSE Linux Micro 6.0:less-633-3.1.s390x",
"SUSE Linux Micro 6.0:less-633-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32487",
"url": "https://www.suse.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "SUSE Bug 1222849 for CVE-2024-32487",
"url": "https://bugzilla.suse.com/1222849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:less-633-3.1.aarch64",
"SUSE Linux Micro 6.0:less-633-3.1.s390x",
"SUSE Linux Micro 6.0:less-633-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:less-633-3.1.aarch64",
"SUSE Linux Micro 6.0:less-633-3.1.s390x",
"SUSE Linux Micro 6.0:less-633-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:47:04Z",
"details": "important"
}
],
"title": "CVE-2024-32487"
}
]
}
SUSE-SU-2024:1550-1
Vulnerability from csaf_suse - Published: 2024-05-07 14:23 - Updated: 2024-05-07 14:23Summary
Security update for less
Notes
Title of the patch
Security update for less
Description of the patch
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
Patchnames
SUSE-2024-1550,SUSE-SLE-SERVER-12-SP5-2024-1550
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for less",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for less fixes the following issues:\n\n- CVE-2024-32487: Fixed mishandling of \\n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1550,SUSE-SLE-SERVER-12-SP5-2024-1550",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1550-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1550-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241550-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1550-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018476.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222849",
"url": "https://bugzilla.suse.com/1222849"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32487 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32487/"
}
],
"title": "Security update for less",
"tracking": {
"current_release_date": "2024-05-07T14:23:51Z",
"generator": {
"date": "2024-05-07T14:23:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1550-1",
"initial_release_date": "2024-05-07T14:23:51Z",
"revision_history": [
{
"date": "2024-05-07T14:23:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "less-458-7.15.1.aarch64",
"product": {
"name": "less-458-7.15.1.aarch64",
"product_id": "less-458-7.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-458-7.15.1.i586",
"product": {
"name": "less-458-7.15.1.i586",
"product_id": "less-458-7.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "less-458-7.15.1.ppc64le",
"product": {
"name": "less-458-7.15.1.ppc64le",
"product_id": "less-458-7.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-458-7.15.1.s390",
"product": {
"name": "less-458-7.15.1.s390",
"product_id": "less-458-7.15.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "less-458-7.15.1.s390x",
"product": {
"name": "less-458-7.15.1.s390x",
"product_id": "less-458-7.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "less-458-7.15.1.x86_64",
"product": {
"name": "less-458-7.15.1.x86_64",
"product_id": "less-458-7.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-458-7.15.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.aarch64"
},
"product_reference": "less-458-7.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-458-7.15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.ppc64le"
},
"product_reference": "less-458-7.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-458-7.15.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.s390x"
},
"product_reference": "less-458-7.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-458-7.15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.x86_64"
},
"product_reference": "less-458-7.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-458-7.15.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.aarch64"
},
"product_reference": "less-458-7.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-458-7.15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.ppc64le"
},
"product_reference": "less-458-7.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-458-7.15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.s390x"
},
"product_reference": "less-458-7.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-458-7.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.x86_64"
},
"product_reference": "less-458-7.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32487"
}
],
"notes": [
{
"category": "general",
"text": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32487",
"url": "https://www.suse.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "SUSE Bug 1222849 for CVE-2024-32487",
"url": "https://bugzilla.suse.com/1222849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:less-458-7.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:less-458-7.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-07T14:23:51Z",
"details": "important"
}
],
"title": "CVE-2024-32487"
}
]
}
SUSE-SU-2024:1534-1
Vulnerability from csaf_suse - Published: 2024-05-06 12:55 - Updated: 2024-05-06 12:55Summary
Security update for less
Notes
Title of the patch
Security update for less
Description of the patch
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
Patchnames
SUSE-2024-1534,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1534,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1534,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1534,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1534,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1534,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1534,SUSE-SUSE-MicroOS-5.1-2024-1534,SUSE-SUSE-MicroOS-5.2-2024-1534,SUSE-Storage-7.1-2024-1534
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for less",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for less fixes the following issues:\n\n- CVE-2024-32487: Fixed mishandling of \\n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1534,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1534,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1534,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1534,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1534,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1534,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1534,SUSE-SUSE-MicroOS-5.1-2024-1534,SUSE-SUSE-MicroOS-5.2-2024-1534,SUSE-Storage-7.1-2024-1534",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1534-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1534-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241534-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1534-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-May/035178.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222849",
"url": "https://bugzilla.suse.com/1222849"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32487 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32487/"
}
],
"title": "Security update for less",
"tracking": {
"current_release_date": "2024-05-06T12:55:36Z",
"generator": {
"date": "2024-05-06T12:55:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1534-1",
"initial_release_date": "2024-05-06T12:55:36Z",
"revision_history": [
{
"date": "2024-05-06T12:55:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "less-530-150000.3.9.1.aarch64",
"product": {
"name": "less-530-150000.3.9.1.aarch64",
"product_id": "less-530-150000.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-530-150000.3.9.1.i586",
"product": {
"name": "less-530-150000.3.9.1.i586",
"product_id": "less-530-150000.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "less-530-150000.3.9.1.ppc64le",
"product": {
"name": "less-530-150000.3.9.1.ppc64le",
"product_id": "less-530-150000.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-530-150000.3.9.1.s390x",
"product": {
"name": "less-530-150000.3.9.1.s390x",
"product_id": "less-530-150000.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "less-530-150000.3.9.1.x86_64",
"product": {
"name": "less-530-150000.3.9.1.x86_64",
"product_id": "less-530-150000.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:less-530-150000.3.9.1.aarch64"
},
"product_reference": "less-530-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:less-530-150000.3.9.1.x86_64"
},
"product_reference": "less-530-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:less-530-150000.3.9.1.aarch64"
},
"product_reference": "less-530-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:less-530-150000.3.9.1.x86_64"
},
"product_reference": "less-530-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.aarch64"
},
"product_reference": "less-530-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.ppc64le"
},
"product_reference": "less-530-150000.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.s390x"
},
"product_reference": "less-530-150000.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.x86_64"
},
"product_reference": "less-530-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.aarch64"
},
"product_reference": "less-530-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.ppc64le"
},
"product_reference": "less-530-150000.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.s390x"
},
"product_reference": "less-530-150000.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.x86_64"
},
"product_reference": "less-530-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:less-530-150000.3.9.1.ppc64le"
},
"product_reference": "less-530-150000.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:less-530-150000.3.9.1.x86_64"
},
"product_reference": "less-530-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:less-530-150000.3.9.1.ppc64le"
},
"product_reference": "less-530-150000.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:less-530-150000.3.9.1.x86_64"
},
"product_reference": "less-530-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.aarch64"
},
"product_reference": "less-530-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.s390x"
},
"product_reference": "less-530-150000.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.x86_64"
},
"product_reference": "less-530-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.aarch64"
},
"product_reference": "less-530-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.s390x"
},
"product_reference": "less-530-150000.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.x86_64"
},
"product_reference": "less-530-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:less-530-150000.3.9.1.aarch64"
},
"product_reference": "less-530-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-530-150000.3.9.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:less-530-150000.3.9.1.x86_64"
},
"product_reference": "less-530-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32487"
}
],
"notes": [
{
"category": "general",
"text": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:less-530-150000.3.9.1.aarch64",
"SUSE Enterprise Storage 7.1:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:less-530-150000.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32487",
"url": "https://www.suse.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "SUSE Bug 1222849 for CVE-2024-32487",
"url": "https://bugzilla.suse.com/1222849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:less-530-150000.3.9.1.aarch64",
"SUSE Enterprise Storage 7.1:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:less-530-150000.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:less-530-150000.3.9.1.aarch64",
"SUSE Enterprise Storage 7.1:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:less-530-150000.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:less-530-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:less-530-150000.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-06T12:55:36Z",
"details": "important"
}
],
"title": "CVE-2024-32487"
}
]
}
SUSE-SU-2024:2060-1
Vulnerability from csaf_suse - Published: 2024-06-18 11:11 - Updated: 2024-06-18 11:11Summary
Security update for less
Notes
Title of the patch
Security update for less
Description of the patch
This update for less fixes the following issues:
- CVE-2024-32487: Fixed OS command injection via a newline character in the file name. (bsc#1222849)
Patchnames
SUSE-2024-2060,SUSE-SLE-Module-Basesystem-15-SP6-2024-2060,openSUSE-SLE-15.6-2024-2060
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for less",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for less fixes the following issues:\n\n- CVE-2024-32487: Fixed OS command injection via a newline character in the file name. (bsc#1222849)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2060,SUSE-SLE-Module-Basesystem-15-SP6-2024-2060,openSUSE-SLE-15.6-2024-2060",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2060-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2060-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242060-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2060-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-June/035617.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222849",
"url": "https://bugzilla.suse.com/1222849"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32487 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32487/"
}
],
"title": "Security update for less",
"tracking": {
"current_release_date": "2024-06-18T11:11:48Z",
"generator": {
"date": "2024-06-18T11:11:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2060-1",
"initial_release_date": "2024-06-18T11:11:48Z",
"revision_history": [
{
"date": "2024-06-18T11:11:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "less-643-150600.3.3.1.aarch64",
"product": {
"name": "less-643-150600.3.3.1.aarch64",
"product_id": "less-643-150600.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-643-150600.3.3.1.i586",
"product": {
"name": "less-643-150600.3.3.1.i586",
"product_id": "less-643-150600.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "less-643-150600.3.3.1.ppc64le",
"product": {
"name": "less-643-150600.3.3.1.ppc64le",
"product_id": "less-643-150600.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-643-150600.3.3.1.s390x",
"product": {
"name": "less-643-150600.3.3.1.s390x",
"product_id": "less-643-150600.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "less-643-150600.3.3.1.x86_64",
"product": {
"name": "less-643-150600.3.3.1.x86_64",
"product_id": "less-643-150600.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-643-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.aarch64"
},
"product_reference": "less-643-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-643-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.ppc64le"
},
"product_reference": "less-643-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-643-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.s390x"
},
"product_reference": "less-643-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-643-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.x86_64"
},
"product_reference": "less-643-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-643-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:less-643-150600.3.3.1.aarch64"
},
"product_reference": "less-643-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-643-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:less-643-150600.3.3.1.ppc64le"
},
"product_reference": "less-643-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-643-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:less-643-150600.3.3.1.s390x"
},
"product_reference": "less-643-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-643-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:less-643-150600.3.3.1.x86_64"
},
"product_reference": "less-643-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32487"
}
],
"notes": [
{
"category": "general",
"text": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:less-643-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:less-643-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:less-643-150600.3.3.1.s390x",
"openSUSE Leap 15.6:less-643-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32487",
"url": "https://www.suse.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "SUSE Bug 1222849 for CVE-2024-32487",
"url": "https://bugzilla.suse.com/1222849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:less-643-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:less-643-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:less-643-150600.3.3.1.s390x",
"openSUSE Leap 15.6:less-643-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:less-643-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:less-643-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:less-643-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:less-643-150600.3.3.1.s390x",
"openSUSE Leap 15.6:less-643-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-18T11:11:48Z",
"details": "important"
}
],
"title": "CVE-2024-32487"
}
]
}
SUSE-SU-2024:1598-2
Vulnerability from csaf_suse - Published: 2024-05-10 09:50 - Updated: 2024-05-10 09:50Summary
Security update for less
Notes
Title of the patch
Security update for less
Description of the patch
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
Patchnames
SUSE-2024-1598,SUSE-SLE-Micro-5.5-2024-1598
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for less",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for less fixes the following issues:\n\n- CVE-2024-32487: Fixed mishandling of \\n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1598,SUSE-SLE-Micro-5.5-2024-1598",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1598-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1598-2",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241598-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1598-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019079.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222849",
"url": "https://bugzilla.suse.com/1222849"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32487 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32487/"
}
],
"title": "Security update for less",
"tracking": {
"current_release_date": "2024-05-10T09:50:50Z",
"generator": {
"date": "2024-05-10T09:50:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1598-2",
"initial_release_date": "2024-05-10T09:50:50Z",
"revision_history": [
{
"date": "2024-05-10T09:50:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "less-590-150400.3.9.1.aarch64",
"product": {
"name": "less-590-150400.3.9.1.aarch64",
"product_id": "less-590-150400.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-590-150400.3.9.1.i586",
"product": {
"name": "less-590-150400.3.9.1.i586",
"product_id": "less-590-150400.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "less-590-150400.3.9.1.ppc64le",
"product": {
"name": "less-590-150400.3.9.1.ppc64le",
"product_id": "less-590-150400.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-590-150400.3.9.1.s390x",
"product": {
"name": "less-590-150400.3.9.1.s390x",
"product_id": "less-590-150400.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "less-590-150400.3.9.1.x86_64",
"product": {
"name": "less-590-150400.3.9.1.x86_64",
"product_id": "less-590-150400.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.aarch64"
},
"product_reference": "less-590-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.ppc64le"
},
"product_reference": "less-590-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.s390x"
},
"product_reference": "less-590-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-590-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.x86_64"
},
"product_reference": "less-590-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32487"
}
],
"notes": [
{
"category": "general",
"text": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32487",
"url": "https://www.suse.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "SUSE Bug 1222849 for CVE-2024-32487",
"url": "https://bugzilla.suse.com/1222849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:less-590-150400.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-10T09:50:50Z",
"details": "important"
}
],
"title": "CVE-2024-32487"
}
]
}
SUSE-SU-2025:20394-1
Vulnerability from csaf_suse - Published: 2025-06-08 13:39 - Updated: 2025-06-08 13:39Summary
Security update for less
Notes
Title of the patch
Security update for less
Description of the patch
This update for less fixes the following issues:
- Updated to version 668
* Fixed crash when using --header on command line
* Fixed possible crash when scrolling left/right or toggling -S
* Fixed bug when using #stop in a lesskey file
* Fixed bug when using --shift or --match-shift on command line with a parameter starting with '.'
* Fixed bug in R command when file size changes
* Fixed bug using --header when file does not fill screen
* Fixed ^X bug when output is not a terminal
* Fixed bug where ^Z is not handled immediately
* Fixed bug where first byte from a LESSOPEN filter is deleted if it is greater than 0x7F
* Fixed uninitialized variable in edit_ifile
* Fixed incorrect handling of UTF-8 chars in prompts
- Change preprocessor dependencies from Requires to Recommends. It's disabled by
default and they are not necessary for less.
- Updated to version 661:
* fixed crash - buffer overflow by one in fexpand
* fixed free(): double free detected in tcache 2
* fixed segmentation fault on line-num-width & -N
- Updated to version 656:
* Add ^O^N, ^O^P, ^O^L and ^O^O commands and mouse clicks (with --mouse) to find and open OSC8 hyperlinks (github #251).
* Add --match-shift option.
* Add --lesskey-content option (github #447).
* Add LESSKEY_CONTENT environment variable (github #447).
* Add --no-search-header-lines and --no-search-header-columns options (github #397).
* Add ctrl-L search modifier (github #367).
* A ctrl-P at the start of a shell command suppresses the "done" message (github #462).
* Add attribute characters ('*', '~', '_', '&') to --color parameter (github #471).
* Allow expansion of environment variables in lesskey files.
* Add LESSSECURE_ALLOW environment variable (github #449).
* Add LESS_UNSUPPORT environment variable.
* Add line number parameter to --header option (github #436).
* Mouse right-click jumps to position marked by left-click (github #390).
* Ensure that the target line is not obscured by a header line set by --header (github #444).
* Change default character set to "utf-8", except remains "dos" on MS-DOS.
* Add message when search with ^W wraps (github #459).
* UCRT builds on Windows 10 and later now support Unicode file names (github #438).
* Improve behavior of interrupt while reading non-terminated pipe (github #414).
* Improve parsing of -j, -x and -# options (github #393).
* Support files larger than 4GB on Windows (github #417).
* Support entry of Unicode chars larger than U+FFFF on Windows (github #391).
* Improve colors of bold, underline and standout text on Windows.
* Allow --rscroll to accept non-ASCII characters (github #483).
* Allow the parameter to certain options to be terminated with a space (--color, --quotes, --rscroll, --search-options and --intr) (github #495).
* Fix bug where # substitution failed after viewing help (github #420).
* Fix crash if files are deleted while less is viewing them (github #404).
* Workaround unreliable ReadConsoleInputW behavior on Windows with non-ASCII input.
* Fix -J display when searching for non-ASCII characters (github #422).
* Don't filter header lines via the & command (github #423).
* Fix bug when horizontally shifting long lines (github #425).
* Add -x and -D options to lesstest, to make it easier to diagnose a failed lesstest run.
* Fix bug searching long lines with --incsearch and -S (github #428).
* Fix bug that made ESC-} fail if top line on screen was empty (github #429).
* Fix bug with --mouse on Windows when used with pipes (github #440).
* Fix bug in --+OPTION command line syntax.
* Fix display bug when using -w with an empty line with a CR/LF line ending (github #474).
* When substituting '#' or '%' with a filename, quote the filename if it contains a space (github #480).
* Fix wrong sleep time when system has usleep but not nanosleep (github #489).
* Fix bug when file name contains a newline (CVE-2024-32487, bsc#1222849).
* Fix bug when file name contains nonprintable characters (github #503).
* Fix DJGPP build (github #497).
* Update Unicode tables.
- add zstd support to lessopen
- Updated to 643:
* Fixed problem when a program piping into less reads from the tty,
like sudo asking for password (github #368).
* Fixed search modifier ^E after ^W.
* Fixed bug using negated (^N) search (github #374).
* Fixed bug setting colors with -D on Windows build (github #386).
* Fixed reading special chars like PageDown on Windows (github #378).
* Fixed mouse wheel scrolling on Windows (github #379).
* Fixed erroneous EOF when terminal window size changes (github #372).
* Fixed compile error with some definitions of ECHONL (github #395).
* Fixed crash on Windows when writing logfile (github #405).
* Fixed regression in exit code when stdin is /dev/null and
output is a file (github #373).
* Add lesstest test suite to production release (github #344).
* Change lesstest output to conform with
automake Simple Test Format (github #399).
Patchnames
SUSE-SLE-Micro-6.1-139
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for less",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for less fixes the following issues:\n\n- Updated to version 668\n * Fixed crash when using --header on command line\n * Fixed possible crash when scrolling left/right or toggling -S\n * Fixed bug when using #stop in a lesskey file\n * Fixed bug when using --shift or --match-shift on command line with a parameter starting with \u0027.\u0027\n * Fixed bug in R command when file size changes\n * Fixed bug using --header when file does not fill screen\n * Fixed ^X bug when output is not a terminal\n * Fixed bug where ^Z is not handled immediately\n * Fixed bug where first byte from a LESSOPEN filter is deleted if it is greater than 0x7F\n * Fixed uninitialized variable in edit_ifile\n * Fixed incorrect handling of UTF-8 chars in prompts\n\n- Change preprocessor dependencies from Requires to Recommends. It\u0027s disabled by\n default and they are not necessary for less.\n\n- Updated to version 661:\n * fixed crash - buffer overflow by one in fexpand\n * fixed free(): double free detected in tcache 2\n * fixed segmentation fault on line-num-width \u0026 -N\n\n- Updated to version 656:\n * Add ^O^N, ^O^P, ^O^L and ^O^O commands and mouse clicks (with --mouse) to find and open OSC8 hyperlinks (github #251).\n * Add --match-shift option.\n * Add --lesskey-content option (github #447).\n * Add LESSKEY_CONTENT environment variable (github #447).\n * Add --no-search-header-lines and --no-search-header-columns options (github #397).\n * Add ctrl-L search modifier (github #367).\n * A ctrl-P at the start of a shell command suppresses the \"done\" message (github #462).\n * Add attribute characters (\u0027*\u0027, \u0027~\u0027, \u0027_\u0027, \u0027\u0026\u0027) to --color parameter (github #471).\n * Allow expansion of environment variables in lesskey files.\n * Add LESSSECURE_ALLOW environment variable (github #449).\n * Add LESS_UNSUPPORT environment variable.\n * Add line number parameter to --header option (github #436).\n * Mouse right-click jumps to position marked by left-click (github #390).\n * Ensure that the target line is not obscured by a header line set by --header (github #444).\n * Change default character set to \"utf-8\", except remains \"dos\" on MS-DOS.\n * Add message when search with ^W wraps (github #459).\n * UCRT builds on Windows 10 and later now support Unicode file names (github #438).\n * Improve behavior of interrupt while reading non-terminated pipe (github #414).\n * Improve parsing of -j, -x and -# options (github #393).\n * Support files larger than 4GB on Windows (github #417).\n * Support entry of Unicode chars larger than U+FFFF on Windows (github #391).\n * Improve colors of bold, underline and standout text on Windows.\n * Allow --rscroll to accept non-ASCII characters (github #483).\n * Allow the parameter to certain options to be terminated with a space (--color, --quotes, --rscroll, --search-options and --intr) (github #495).\n * Fix bug where # substitution failed after viewing help (github #420).\n * Fix crash if files are deleted while less is viewing them (github #404).\n * Workaround unreliable ReadConsoleInputW behavior on Windows with non-ASCII input.\n * Fix -J display when searching for non-ASCII characters (github #422).\n * Don\u0027t filter header lines via the \u0026 command (github #423).\n * Fix bug when horizontally shifting long lines (github #425).\n * Add -x and -D options to lesstest, to make it easier to diagnose a failed lesstest run.\n * Fix bug searching long lines with --incsearch and -S (github #428).\n * Fix bug that made ESC-} fail if top line on screen was empty (github #429).\n * Fix bug with --mouse on Windows when used with pipes (github #440).\n * Fix bug in --+OPTION command line syntax.\n * Fix display bug when using -w with an empty line with a CR/LF line ending (github #474).\n * When substituting \u0027#\u0027 or \u0027%\u0027 with a filename, quote the filename if it contains a space (github #480).\n * Fix wrong sleep time when system has usleep but not nanosleep (github #489).\n * Fix bug when file name contains a newline (CVE-2024-32487, bsc#1222849).\n * Fix bug when file name contains nonprintable characters (github #503).\n * Fix DJGPP build (github #497).\n * Update Unicode tables.\n\n- add zstd support to lessopen\n\n- Updated to 643:\n * Fixed problem when a program piping into less reads from the tty,\n like sudo asking for password (github #368).\n * Fixed search modifier ^E after ^W.\n * Fixed bug using negated (^N) search (github #374).\n * Fixed bug setting colors with -D on Windows build (github #386).\n * Fixed reading special chars like PageDown on Windows (github #378).\n * Fixed mouse wheel scrolling on Windows (github #379).\n * Fixed erroneous EOF when terminal window size changes (github #372).\n * Fixed compile error with some definitions of ECHONL (github #395).\n * Fixed crash on Windows when writing logfile (github #405).\n * Fixed regression in exit code when stdin is /dev/null and\n output is a file (github #373).\n * Add lesstest test suite to production release (github #344).\n * Change lesstest output to conform with\n automake Simple Test Format (github #399).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-139",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20394-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20394-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520394-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20394-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040305.html"
},
{
"category": "self",
"summary": "SUSE Bug 1047218",
"url": "https://bugzilla.suse.com/1047218"
},
{
"category": "self",
"summary": "SUSE Bug 1222849",
"url": "https://bugzilla.suse.com/1222849"
},
{
"category": "self",
"summary": "SUSE Bug 915387",
"url": "https://bugzilla.suse.com/915387"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32487 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32487/"
}
],
"title": "Security update for less",
"tracking": {
"current_release_date": "2025-06-08T13:39:10Z",
"generator": {
"date": "2025-06-08T13:39:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20394-1",
"initial_release_date": "2025-06-08T13:39:10Z",
"revision_history": [
{
"date": "2025-06-08T13:39:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "less-668-slfo.1.1_1.1.aarch64",
"product": {
"name": "less-668-slfo.1.1_1.1.aarch64",
"product_id": "less-668-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-668-slfo.1.1_1.1.ppc64le",
"product": {
"name": "less-668-slfo.1.1_1.1.ppc64le",
"product_id": "less-668-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-668-slfo.1.1_1.1.s390x",
"product": {
"name": "less-668-slfo.1.1_1.1.s390x",
"product_id": "less-668-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "less-668-slfo.1.1_1.1.x86_64",
"product": {
"name": "less-668-slfo.1.1_1.1.x86_64",
"product_id": "less-668-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-668-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.aarch64"
},
"product_reference": "less-668-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-668-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.ppc64le"
},
"product_reference": "less-668-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-668-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.s390x"
},
"product_reference": "less-668-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-668-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.x86_64"
},
"product_reference": "less-668-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32487"
}
],
"notes": [
{
"category": "general",
"text": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32487",
"url": "https://www.suse.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "SUSE Bug 1222849 for CVE-2024-32487",
"url": "https://bugzilla.suse.com/1222849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:less-668-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-08T13:39:10Z",
"details": "important"
}
],
"title": "CVE-2024-32487"
}
]
}
RHSA-2024:4418
Vulnerability from csaf_redhat - Published: 2024-07-09 10:04 - Updated: 2025-11-21 19:05Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4418",
"url": "https://access.redhat.com/errata/RHSA-2024:4418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4418.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2025-11-21T19:05:44+00:00",
"generator": {
"date": "2025-11-21T19:05:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:4418",
"initial_release_date": "2024-07-09T10:04:57+00:00",
"revision_history": [
{
"date": "2024-07-09T10:04:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-09T10:04:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:05:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_6.src",
"product": {
"name": "less-0:530-3.el8_6.src",
"product_id": "less-0:530-3.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_6.x86_64",
"product": {
"name": "less-0:530-3.el8_6.x86_64",
"product_id": "less-0:530-3.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_6.x86_64",
"product": {
"name": "less-debugsource-0:530-3.el8_6.x86_64",
"product_id": "less-debugsource-0:530-3.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_6.x86_64",
"product": {
"name": "less-debuginfo-0:530-3.el8_6.x86_64",
"product_id": "less-debuginfo-0:530-3.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_6.aarch64",
"product": {
"name": "less-0:530-3.el8_6.aarch64",
"product_id": "less-0:530-3.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_6.aarch64",
"product": {
"name": "less-debugsource-0:530-3.el8_6.aarch64",
"product_id": "less-debugsource-0:530-3.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_6.aarch64",
"product": {
"name": "less-debuginfo-0:530-3.el8_6.aarch64",
"product_id": "less-debuginfo-0:530-3.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_6.ppc64le",
"product": {
"name": "less-0:530-3.el8_6.ppc64le",
"product_id": "less-0:530-3.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_6.ppc64le",
"product": {
"name": "less-debugsource-0:530-3.el8_6.ppc64le",
"product_id": "less-debugsource-0:530-3.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_6.ppc64le",
"product": {
"name": "less-debuginfo-0:530-3.el8_6.ppc64le",
"product_id": "less-debuginfo-0:530-3.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_6.s390x",
"product": {
"name": "less-0:530-3.el8_6.s390x",
"product_id": "less-0:530-3.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_6.s390x",
"product": {
"name": "less-debugsource-0:530-3.el8_6.s390x",
"product_id": "less-debugsource-0:530-3.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_6.s390x",
"product": {
"name": "less-debuginfo-0:530-3.el8_6.s390x",
"product_id": "less-debuginfo-0:530-3.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.src"
},
"product_reference": "less-0:530-3.el8_6.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.x86_64"
},
"product_reference": "less-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:less-debuginfo-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:less-debugsource-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debugsource-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.aarch64"
},
"product_reference": "less-0:530-3.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.ppc64le"
},
"product_reference": "less-0:530-3.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.s390x"
},
"product_reference": "less-0:530-3.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.src"
},
"product_reference": "less-0:530-3.el8_6.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.x86_64"
},
"product_reference": "less-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.aarch64"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.ppc64le"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.s390x"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.aarch64"
},
"product_reference": "less-debugsource-0:530-3.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.ppc64le"
},
"product_reference": "less-debugsource-0:530-3.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.s390x"
},
"product_reference": "less-debugsource-0:530-3.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debugsource-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.src"
},
"product_reference": "less-0:530-3.el8_6.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.x86_64"
},
"product_reference": "less-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:less-debuginfo-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:less-debugsource-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debugsource-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debugsource-0:530-3.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-09T10:04:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debugsource-0:530-3.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4418"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debugsource-0:530-3.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debugsource-0:530-3.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024_4416
Vulnerability from csaf_redhat - Published: 2024-07-09 10:03 - Updated: 2024-11-24 15:51Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4416",
"url": "https://access.redhat.com/errata/RHSA-2024:4416"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4416.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2024-11-24T15:51:48+00:00",
"generator": {
"date": "2024-11-24T15:51:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:4416",
"initial_release_date": "2024-07-09T10:03:01+00:00",
"revision_history": [
{
"date": "2024-07-09T10:03:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-09T10:03:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T15:51:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-2.el8_4.src",
"product": {
"name": "less-0:530-2.el8_4.src",
"product_id": "less-0:530-2.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-2.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-2.el8_4.x86_64",
"product": {
"name": "less-0:530-2.el8_4.x86_64",
"product_id": "less-0:530-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-2.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-2.el8_4.x86_64",
"product": {
"name": "less-debugsource-0:530-2.el8_4.x86_64",
"product_id": "less-debugsource-0:530-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-2.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-2.el8_4.x86_64",
"product": {
"name": "less-debuginfo-0:530-2.el8_4.x86_64",
"product_id": "less-debuginfo-0:530-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-2.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-2.el8_4.ppc64le",
"product": {
"name": "less-0:530-2.el8_4.ppc64le",
"product_id": "less-0:530-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-2.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-2.el8_4.ppc64le",
"product": {
"name": "less-debugsource-0:530-2.el8_4.ppc64le",
"product_id": "less-debugsource-0:530-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-2.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-2.el8_4.ppc64le",
"product": {
"name": "less-debuginfo-0:530-2.el8_4.ppc64le",
"product_id": "less-debuginfo-0:530-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-2.el8_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.src"
},
"product_reference": "less-0:530-2.el8_4.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.x86_64"
},
"product_reference": "less-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:less-debuginfo-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debuginfo-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:less-debugsource-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debugsource-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.ppc64le"
},
"product_reference": "less-0:530-2.el8_4.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.src"
},
"product_reference": "less-0:530-2.el8_4.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.x86_64"
},
"product_reference": "less-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.ppc64le"
},
"product_reference": "less-debuginfo-0:530-2.el8_4.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debuginfo-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.ppc64le"
},
"product_reference": "less-debugsource-0:530-2.el8_4.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debugsource-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.src"
},
"product_reference": "less-0:530-2.el8_4.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.x86_64"
},
"product_reference": "less-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.TUS:less-debuginfo-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debuginfo-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.TUS:less-debugsource-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debugsource-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debugsource-0:530-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-09T10:03:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debugsource-0:530-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4416"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debugsource-0:530-2.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debugsource-0:530-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024:4369
Vulnerability from csaf_redhat - Published: 2024-07-08 11:44 - Updated: 2025-11-21 19:05Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4369",
"url": "https://access.redhat.com/errata/RHSA-2024:4369"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4369.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2025-11-21T19:05:25+00:00",
"generator": {
"date": "2025-11-21T19:05:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:4369",
"initial_release_date": "2024-07-08T11:44:09+00:00",
"revision_history": [
{
"date": "2024-07-08T11:44:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-08T11:44:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:05:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_8.src",
"product": {
"name": "less-0:530-3.el8_8.src",
"product_id": "less-0:530-3.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_8.aarch64",
"product": {
"name": "less-0:530-3.el8_8.aarch64",
"product_id": "less-0:530-3.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_8.aarch64",
"product": {
"name": "less-debugsource-0:530-3.el8_8.aarch64",
"product_id": "less-debugsource-0:530-3.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_8.aarch64",
"product": {
"name": "less-debuginfo-0:530-3.el8_8.aarch64",
"product_id": "less-debuginfo-0:530-3.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_8.ppc64le",
"product": {
"name": "less-0:530-3.el8_8.ppc64le",
"product_id": "less-0:530-3.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_8.ppc64le",
"product": {
"name": "less-debugsource-0:530-3.el8_8.ppc64le",
"product_id": "less-debugsource-0:530-3.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_8.ppc64le",
"product": {
"name": "less-debuginfo-0:530-3.el8_8.ppc64le",
"product_id": "less-debuginfo-0:530-3.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_8.x86_64",
"product": {
"name": "less-0:530-3.el8_8.x86_64",
"product_id": "less-0:530-3.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_8.x86_64",
"product": {
"name": "less-debugsource-0:530-3.el8_8.x86_64",
"product_id": "less-debugsource-0:530-3.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_8.x86_64",
"product": {
"name": "less-debuginfo-0:530-3.el8_8.x86_64",
"product_id": "less-debuginfo-0:530-3.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_8.s390x",
"product": {
"name": "less-0:530-3.el8_8.s390x",
"product_id": "less-0:530-3.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_8.s390x",
"product": {
"name": "less-debugsource-0:530-3.el8_8.s390x",
"product_id": "less-debugsource-0:530-3.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_8.s390x",
"product": {
"name": "less-debuginfo-0:530-3.el8_8.s390x",
"product_id": "less-debuginfo-0:530-3.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.aarch64"
},
"product_reference": "less-0:530-3.el8_8.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.ppc64le"
},
"product_reference": "less-0:530-3.el8_8.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_8.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.s390x"
},
"product_reference": "less-0:530-3.el8_8.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_8.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.src"
},
"product_reference": "less-0:530-3.el8_8.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.x86_64"
},
"product_reference": "less-0:530-3.el8_8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.aarch64"
},
"product_reference": "less-debuginfo-0:530-3.el8_8.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.ppc64le"
},
"product_reference": "less-debuginfo-0:530-3.el8_8.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_8.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.s390x"
},
"product_reference": "less-debuginfo-0:530-3.el8_8.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.x86_64"
},
"product_reference": "less-debuginfo-0:530-3.el8_8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.aarch64"
},
"product_reference": "less-debugsource-0:530-3.el8_8.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.ppc64le"
},
"product_reference": "less-debugsource-0:530-3.el8_8.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_8.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.s390x"
},
"product_reference": "less-debugsource-0:530-3.el8_8.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.x86_64"
},
"product_reference": "less-debugsource-0:530-3.el8_8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.src",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-08T11:44:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.src",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4369"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.src",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.src",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024:3669
Vulnerability from csaf_redhat - Published: 2024-06-06 09:37 - Updated: 2025-11-21 19:03Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows
users to move backwards in the file as well as forwards. Since "less" does not
read the entire input file at startup, it also starts more quickly than ordinary
text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows\nusers to move backwards in the file as well as forwards. Since \"less\" does not\nread the entire input file at startup, it also starts more quickly than ordinary\ntext editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3669",
"url": "https://access.redhat.com/errata/RHSA-2024:3669"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3669.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2025-11-21T19:03:42+00:00",
"generator": {
"date": "2025-11-21T19:03:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:3669",
"initial_release_date": "2024-06-06T09:37:49+00:00",
"revision_history": [
{
"date": "2024-06-06T09:37:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-06T09:37:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:03:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:458-10.el7_9.src",
"product": {
"name": "less-0:458-10.el7_9.src",
"product_id": "less-0:458-10.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@458-10.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:458-10.el7_9.x86_64",
"product": {
"name": "less-0:458-10.el7_9.x86_64",
"product_id": "less-0:458-10.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@458-10.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:458-10.el7_9.x86_64",
"product": {
"name": "less-debuginfo-0:458-10.el7_9.x86_64",
"product_id": "less-debuginfo-0:458-10.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@458-10.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:458-10.el7_9.ppc64le",
"product": {
"name": "less-0:458-10.el7_9.ppc64le",
"product_id": "less-0:458-10.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@458-10.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:458-10.el7_9.ppc64le",
"product": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64le",
"product_id": "less-debuginfo-0:458-10.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@458-10.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:458-10.el7_9.ppc64",
"product": {
"name": "less-0:458-10.el7_9.ppc64",
"product_id": "less-0:458-10.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@458-10.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:458-10.el7_9.ppc64",
"product": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64",
"product_id": "less-debuginfo-0:458-10.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@458-10.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:458-10.el7_9.s390x",
"product": {
"name": "less-0:458-10.el7_9.s390x",
"product_id": "less-0:458-10.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@458-10.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:458-10.el7_9.s390x",
"product": {
"name": "less-debuginfo-0:458-10.el7_9.s390x",
"product_id": "less-debuginfo-0:458-10.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@458-10.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-0:458-10.el7_9.ppc64"
},
"product_reference": "less-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-0:458-10.el7_9.s390x"
},
"product_reference": "less-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-0:458-10.el7_9.src"
},
"product_reference": "less-0:458-10.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-0:458-10.el7_9.x86_64"
},
"product_reference": "less-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-0:458-10.el7_9.ppc64"
},
"product_reference": "less-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-0:458-10.el7_9.s390x"
},
"product_reference": "less-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-0:458-10.el7_9.src"
},
"product_reference": "less-0:458-10.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-0:458-10.el7_9.x86_64"
},
"product_reference": "less-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64"
},
"product_reference": "less-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-0:458-10.el7_9.s390x"
},
"product_reference": "less-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-0:458-10.el7_9.src"
},
"product_reference": "less-0:458-10.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-0:458-10.el7_9.x86_64"
},
"product_reference": "less-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-0:458-10.el7_9.src",
"7Client-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-0:458-10.el7_9.src",
"7Server-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-0:458-10.el7_9.src",
"7Workstation-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-06T09:37:49+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-0:458-10.el7_9.src",
"7Client-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-0:458-10.el7_9.src",
"7Server-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-0:458-10.el7_9.src",
"7Workstation-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3669"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-0:458-10.el7_9.src",
"7Client-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-0:458-10.el7_9.src",
"7Server-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-0:458-10.el7_9.src",
"7Workstation-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-0:458-10.el7_9.src",
"7Client-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-0:458-10.el7_9.src",
"7Server-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-0:458-10.el7_9.src",
"7Workstation-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024_4528
Vulnerability from csaf_redhat - Published: 2024-07-15 01:07 - Updated: 2024-11-24 15:52Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4528",
"url": "https://access.redhat.com/errata/RHSA-2024:4528"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4528.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2024-11-24T15:52:30+00:00",
"generator": {
"date": "2024-11-24T15:52:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:4528",
"initial_release_date": "2024-07-15T01:07:09+00:00",
"revision_history": [
{
"date": "2024-07-15T01:07:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-15T01:07:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T15:52:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.0::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-2.el9_0.src",
"product": {
"name": "less-0:590-2.el9_0.src",
"product_id": "less-0:590-2.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-2.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-2.el9_0.aarch64",
"product": {
"name": "less-0:590-2.el9_0.aarch64",
"product_id": "less-0:590-2.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-2.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-2.el9_0.aarch64",
"product": {
"name": "less-debugsource-0:590-2.el9_0.aarch64",
"product_id": "less-debugsource-0:590-2.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-2.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-2.el9_0.aarch64",
"product": {
"name": "less-debuginfo-0:590-2.el9_0.aarch64",
"product_id": "less-debuginfo-0:590-2.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-2.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-2.el9_0.ppc64le",
"product": {
"name": "less-0:590-2.el9_0.ppc64le",
"product_id": "less-0:590-2.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-2.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-2.el9_0.ppc64le",
"product": {
"name": "less-debugsource-0:590-2.el9_0.ppc64le",
"product_id": "less-debugsource-0:590-2.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-2.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-2.el9_0.ppc64le",
"product": {
"name": "less-debuginfo-0:590-2.el9_0.ppc64le",
"product_id": "less-debuginfo-0:590-2.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-2.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-2.el9_0.x86_64",
"product": {
"name": "less-0:590-2.el9_0.x86_64",
"product_id": "less-0:590-2.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-2.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-2.el9_0.x86_64",
"product": {
"name": "less-debugsource-0:590-2.el9_0.x86_64",
"product_id": "less-debugsource-0:590-2.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-2.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-2.el9_0.x86_64",
"product": {
"name": "less-debuginfo-0:590-2.el9_0.x86_64",
"product_id": "less-debuginfo-0:590-2.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-2.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-2.el9_0.s390x",
"product": {
"name": "less-0:590-2.el9_0.s390x",
"product_id": "less-0:590-2.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-2.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-2.el9_0.s390x",
"product": {
"name": "less-debugsource-0:590-2.el9_0.s390x",
"product_id": "less-debugsource-0:590-2.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-2.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-2.el9_0.s390x",
"product": {
"name": "less-debuginfo-0:590-2.el9_0.s390x",
"product_id": "less-debuginfo-0:590-2.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-2.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-2.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.aarch64"
},
"product_reference": "less-0:590-2.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-2.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.ppc64le"
},
"product_reference": "less-0:590-2.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-2.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.s390x"
},
"product_reference": "less-0:590-2.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-2.el9_0.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.src"
},
"product_reference": "less-0:590-2.el9_0.src",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-2.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.x86_64"
},
"product_reference": "less-0:590-2.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-2.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.aarch64"
},
"product_reference": "less-debuginfo-0:590-2.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-2.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.ppc64le"
},
"product_reference": "less-debuginfo-0:590-2.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-2.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.s390x"
},
"product_reference": "less-debuginfo-0:590-2.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-2.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.x86_64"
},
"product_reference": "less-debuginfo-0:590-2.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-2.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.aarch64"
},
"product_reference": "less-debugsource-0:590-2.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-2.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.ppc64le"
},
"product_reference": "less-debugsource-0:590-2.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-2.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.s390x"
},
"product_reference": "less-debugsource-0:590-2.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-2.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.x86_64"
},
"product_reference": "less-debugsource-0:590-2.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.src",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-15T01:07:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.src",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4528"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.src",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.src",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024_4529
Vulnerability from csaf_redhat - Published: 2024-07-15 01:12 - Updated: 2024-11-24 15:52Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4529",
"url": "https://access.redhat.com/errata/RHSA-2024:4529"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4529.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2024-11-24T15:52:17+00:00",
"generator": {
"date": "2024-11-24T15:52:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:4529",
"initial_release_date": "2024-07-15T01:12:10+00:00",
"revision_history": [
{
"date": "2024-07-15T01:12:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-15T01:12:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T15:52:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-3.el9_2.src",
"product": {
"name": "less-0:590-3.el9_2.src",
"product_id": "less-0:590-3.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-3.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-3.el9_2.aarch64",
"product": {
"name": "less-0:590-3.el9_2.aarch64",
"product_id": "less-0:590-3.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-3.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-3.el9_2.aarch64",
"product": {
"name": "less-debugsource-0:590-3.el9_2.aarch64",
"product_id": "less-debugsource-0:590-3.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-3.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-3.el9_2.aarch64",
"product": {
"name": "less-debuginfo-0:590-3.el9_2.aarch64",
"product_id": "less-debuginfo-0:590-3.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-3.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-3.el9_2.ppc64le",
"product": {
"name": "less-0:590-3.el9_2.ppc64le",
"product_id": "less-0:590-3.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-3.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-3.el9_2.ppc64le",
"product": {
"name": "less-debugsource-0:590-3.el9_2.ppc64le",
"product_id": "less-debugsource-0:590-3.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-3.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-3.el9_2.ppc64le",
"product": {
"name": "less-debuginfo-0:590-3.el9_2.ppc64le",
"product_id": "less-debuginfo-0:590-3.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-3.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-3.el9_2.x86_64",
"product": {
"name": "less-0:590-3.el9_2.x86_64",
"product_id": "less-0:590-3.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-3.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-3.el9_2.x86_64",
"product": {
"name": "less-debugsource-0:590-3.el9_2.x86_64",
"product_id": "less-debugsource-0:590-3.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-3.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-3.el9_2.x86_64",
"product": {
"name": "less-debuginfo-0:590-3.el9_2.x86_64",
"product_id": "less-debuginfo-0:590-3.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-3.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-3.el9_2.s390x",
"product": {
"name": "less-0:590-3.el9_2.s390x",
"product_id": "less-0:590-3.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-3.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-3.el9_2.s390x",
"product": {
"name": "less-debugsource-0:590-3.el9_2.s390x",
"product_id": "less-debugsource-0:590-3.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-3.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-3.el9_2.s390x",
"product": {
"name": "less-debuginfo-0:590-3.el9_2.s390x",
"product_id": "less-debuginfo-0:590-3.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-3.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-3.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.aarch64"
},
"product_reference": "less-0:590-3.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-3.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.ppc64le"
},
"product_reference": "less-0:590-3.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-3.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.s390x"
},
"product_reference": "less-0:590-3.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-3.el9_2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.src"
},
"product_reference": "less-0:590-3.el9_2.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-3.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.x86_64"
},
"product_reference": "less-0:590-3.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-3.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.aarch64"
},
"product_reference": "less-debuginfo-0:590-3.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-3.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.ppc64le"
},
"product_reference": "less-debuginfo-0:590-3.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-3.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.s390x"
},
"product_reference": "less-debuginfo-0:590-3.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-3.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.x86_64"
},
"product_reference": "less-debuginfo-0:590-3.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-3.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.aarch64"
},
"product_reference": "less-debugsource-0:590-3.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-3.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.ppc64le"
},
"product_reference": "less-debugsource-0:590-3.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-3.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.s390x"
},
"product_reference": "less-debugsource-0:590-3.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-3.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.x86_64"
},
"product_reference": "less-debugsource-0:590-3.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.src",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-15T01:12:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.src",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4529"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.src",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.src",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024:4366
Vulnerability from csaf_redhat - Published: 2024-07-08 11:12 - Updated: 2025-11-21 19:05Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4366",
"url": "https://access.redhat.com/errata/RHSA-2024:4366"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4366.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2025-11-21T19:05:22+00:00",
"generator": {
"date": "2025-11-21T19:05:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:4366",
"initial_release_date": "2024-07-08T11:12:34+00:00",
"revision_history": [
{
"date": "2024-07-08T11:12:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-08T11:12:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:05:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-2.el8_2.src",
"product": {
"name": "less-0:530-2.el8_2.src",
"product_id": "less-0:530-2.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-2.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-2.el8_2.x86_64",
"product": {
"name": "less-0:530-2.el8_2.x86_64",
"product_id": "less-0:530-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-2.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-2.el8_2.x86_64",
"product": {
"name": "less-debugsource-0:530-2.el8_2.x86_64",
"product_id": "less-debugsource-0:530-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-2.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-2.el8_2.x86_64",
"product": {
"name": "less-debuginfo-0:530-2.el8_2.x86_64",
"product_id": "less-debuginfo-0:530-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-2.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_2.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.src"
},
"product_reference": "less-0:530-2.el8_2.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.x86_64"
},
"product_reference": "less-0:530-2.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:less-debuginfo-0:530-2.el8_2.x86_64"
},
"product_reference": "less-debuginfo-0:530-2.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:less-debugsource-0:530-2.el8_2.x86_64"
},
"product_reference": "less-debugsource-0:530-2.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.src",
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debuginfo-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debugsource-0:530-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-08T11:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.src",
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debuginfo-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debugsource-0:530-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4366"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.src",
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debuginfo-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debugsource-0:530-2.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.src",
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debuginfo-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debugsource-0:530-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024_4369
Vulnerability from csaf_redhat - Published: 2024-07-08 11:44 - Updated: 2024-11-24 15:51Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4369",
"url": "https://access.redhat.com/errata/RHSA-2024:4369"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4369.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2024-11-24T15:51:34+00:00",
"generator": {
"date": "2024-11-24T15:51:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:4369",
"initial_release_date": "2024-07-08T11:44:09+00:00",
"revision_history": [
{
"date": "2024-07-08T11:44:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-08T11:44:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T15:51:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_8.src",
"product": {
"name": "less-0:530-3.el8_8.src",
"product_id": "less-0:530-3.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_8.aarch64",
"product": {
"name": "less-0:530-3.el8_8.aarch64",
"product_id": "less-0:530-3.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_8.aarch64",
"product": {
"name": "less-debugsource-0:530-3.el8_8.aarch64",
"product_id": "less-debugsource-0:530-3.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_8.aarch64",
"product": {
"name": "less-debuginfo-0:530-3.el8_8.aarch64",
"product_id": "less-debuginfo-0:530-3.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_8.ppc64le",
"product": {
"name": "less-0:530-3.el8_8.ppc64le",
"product_id": "less-0:530-3.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_8.ppc64le",
"product": {
"name": "less-debugsource-0:530-3.el8_8.ppc64le",
"product_id": "less-debugsource-0:530-3.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_8.ppc64le",
"product": {
"name": "less-debuginfo-0:530-3.el8_8.ppc64le",
"product_id": "less-debuginfo-0:530-3.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_8.x86_64",
"product": {
"name": "less-0:530-3.el8_8.x86_64",
"product_id": "less-0:530-3.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_8.x86_64",
"product": {
"name": "less-debugsource-0:530-3.el8_8.x86_64",
"product_id": "less-debugsource-0:530-3.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_8.x86_64",
"product": {
"name": "less-debuginfo-0:530-3.el8_8.x86_64",
"product_id": "less-debuginfo-0:530-3.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_8.s390x",
"product": {
"name": "less-0:530-3.el8_8.s390x",
"product_id": "less-0:530-3.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_8.s390x",
"product": {
"name": "less-debugsource-0:530-3.el8_8.s390x",
"product_id": "less-debugsource-0:530-3.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_8.s390x",
"product": {
"name": "less-debuginfo-0:530-3.el8_8.s390x",
"product_id": "less-debuginfo-0:530-3.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.aarch64"
},
"product_reference": "less-0:530-3.el8_8.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.ppc64le"
},
"product_reference": "less-0:530-3.el8_8.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_8.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.s390x"
},
"product_reference": "less-0:530-3.el8_8.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_8.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.src"
},
"product_reference": "less-0:530-3.el8_8.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.x86_64"
},
"product_reference": "less-0:530-3.el8_8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.aarch64"
},
"product_reference": "less-debuginfo-0:530-3.el8_8.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.ppc64le"
},
"product_reference": "less-debuginfo-0:530-3.el8_8.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_8.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.s390x"
},
"product_reference": "less-debuginfo-0:530-3.el8_8.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.x86_64"
},
"product_reference": "less-debuginfo-0:530-3.el8_8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.aarch64"
},
"product_reference": "less-debugsource-0:530-3.el8_8.aarch64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.ppc64le"
},
"product_reference": "less-debugsource-0:530-3.el8_8.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_8.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.s390x"
},
"product_reference": "less-debugsource-0:530-3.el8_8.s390x",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.x86_64"
},
"product_reference": "less-debugsource-0:530-3.el8_8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.src",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-08T11:44:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.src",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4369"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.src",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.src",
"BaseOS-8.8.0.Z.EUS:less-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debuginfo-0:530-3.el8_8.x86_64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.aarch64",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.ppc64le",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.s390x",
"BaseOS-8.8.0.Z.EUS:less-debugsource-0:530-3.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024:3513
Vulnerability from csaf_redhat - Published: 2024-05-30 14:41 - Updated: 2025-11-21 19:03Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3513",
"url": "https://access.redhat.com/errata/RHSA-2024:3513"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3513.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2025-11-21T19:03:20+00:00",
"generator": {
"date": "2025-11-21T19:03:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:3513",
"initial_release_date": "2024-05-30T14:41:50+00:00",
"revision_history": [
{
"date": "2024-05-30T14:41:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-30T14:41:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:03:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-4.el9_4.src",
"product": {
"name": "less-0:590-4.el9_4.src",
"product_id": "less-0:590-4.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-4.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-4.el9_4.aarch64",
"product": {
"name": "less-0:590-4.el9_4.aarch64",
"product_id": "less-0:590-4.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-4.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-4.el9_4.aarch64",
"product": {
"name": "less-debugsource-0:590-4.el9_4.aarch64",
"product_id": "less-debugsource-0:590-4.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-4.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-4.el9_4.aarch64",
"product": {
"name": "less-debuginfo-0:590-4.el9_4.aarch64",
"product_id": "less-debuginfo-0:590-4.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-4.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-4.el9_4.ppc64le",
"product": {
"name": "less-0:590-4.el9_4.ppc64le",
"product_id": "less-0:590-4.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-4.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-4.el9_4.ppc64le",
"product": {
"name": "less-debugsource-0:590-4.el9_4.ppc64le",
"product_id": "less-debugsource-0:590-4.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-4.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-4.el9_4.ppc64le",
"product": {
"name": "less-debuginfo-0:590-4.el9_4.ppc64le",
"product_id": "less-debuginfo-0:590-4.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-4.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-4.el9_4.x86_64",
"product": {
"name": "less-0:590-4.el9_4.x86_64",
"product_id": "less-0:590-4.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-4.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-4.el9_4.x86_64",
"product": {
"name": "less-debugsource-0:590-4.el9_4.x86_64",
"product_id": "less-debugsource-0:590-4.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-4.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-4.el9_4.x86_64",
"product": {
"name": "less-debuginfo-0:590-4.el9_4.x86_64",
"product_id": "less-debuginfo-0:590-4.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-4.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-4.el9_4.s390x",
"product": {
"name": "less-0:590-4.el9_4.s390x",
"product_id": "less-0:590-4.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-4.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-4.el9_4.s390x",
"product": {
"name": "less-debugsource-0:590-4.el9_4.s390x",
"product_id": "less-debugsource-0:590-4.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-4.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-4.el9_4.s390x",
"product": {
"name": "less-debuginfo-0:590-4.el9_4.s390x",
"product_id": "less-debuginfo-0:590-4.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-4.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-4.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.aarch64"
},
"product_reference": "less-0:590-4.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-4.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.ppc64le"
},
"product_reference": "less-0:590-4.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-4.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.s390x"
},
"product_reference": "less-0:590-4.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-4.el9_4.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.src"
},
"product_reference": "less-0:590-4.el9_4.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-4.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.x86_64"
},
"product_reference": "less-0:590-4.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-4.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.aarch64"
},
"product_reference": "less-debuginfo-0:590-4.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-4.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.ppc64le"
},
"product_reference": "less-debuginfo-0:590-4.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-4.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.s390x"
},
"product_reference": "less-debuginfo-0:590-4.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-4.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.x86_64"
},
"product_reference": "less-debuginfo-0:590-4.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-4.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.aarch64"
},
"product_reference": "less-debugsource-0:590-4.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-4.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.ppc64le"
},
"product_reference": "less-debugsource-0:590-4.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-4.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.s390x"
},
"product_reference": "less-debugsource-0:590-4.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-4.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.x86_64"
},
"product_reference": "less-debugsource-0:590-4.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.src",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T14:41:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.src",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3513"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.src",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.src",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024_4366
Vulnerability from csaf_redhat - Published: 2024-07-08 11:12 - Updated: 2024-11-24 15:51Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4366",
"url": "https://access.redhat.com/errata/RHSA-2024:4366"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4366.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2024-11-24T15:51:19+00:00",
"generator": {
"date": "2024-11-24T15:51:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:4366",
"initial_release_date": "2024-07-08T11:12:34+00:00",
"revision_history": [
{
"date": "2024-07-08T11:12:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-08T11:12:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T15:51:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-2.el8_2.src",
"product": {
"name": "less-0:530-2.el8_2.src",
"product_id": "less-0:530-2.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-2.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-2.el8_2.x86_64",
"product": {
"name": "less-0:530-2.el8_2.x86_64",
"product_id": "less-0:530-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-2.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-2.el8_2.x86_64",
"product": {
"name": "less-debugsource-0:530-2.el8_2.x86_64",
"product_id": "less-debugsource-0:530-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-2.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-2.el8_2.x86_64",
"product": {
"name": "less-debuginfo-0:530-2.el8_2.x86_64",
"product_id": "less-debuginfo-0:530-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-2.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_2.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.src"
},
"product_reference": "less-0:530-2.el8_2.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.x86_64"
},
"product_reference": "less-0:530-2.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:less-debuginfo-0:530-2.el8_2.x86_64"
},
"product_reference": "less-debuginfo-0:530-2.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:less-debugsource-0:530-2.el8_2.x86_64"
},
"product_reference": "less-debugsource-0:530-2.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.src",
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debuginfo-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debugsource-0:530-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-08T11:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.src",
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debuginfo-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debugsource-0:530-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4366"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.src",
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debuginfo-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debugsource-0:530-2.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.src",
"BaseOS-8.2.0.Z.AUS:less-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debuginfo-0:530-2.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:less-debugsource-0:530-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024_4256
Vulnerability from csaf_redhat - Published: 2024-07-02 15:27 - Updated: 2024-11-24 15:51Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
* less: missing quoting of shell metacharacters in LESSCLOSE handling (CVE-2022-48624)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\n* less: missing quoting of shell metacharacters in LESSCLOSE handling (CVE-2022-48624)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4256",
"url": "https://access.redhat.com/errata/RHSA-2024:4256"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2265081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265081"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4256.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2024-11-24T15:51:05+00:00",
"generator": {
"date": "2024-11-24T15:51:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:4256",
"initial_release_date": "2024-07-02T15:27:33+00:00",
"revision_history": [
{
"date": "2024-07-02T15:27:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-02T15:27:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T15:51:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_10.src",
"product": {
"name": "less-0:530-3.el8_10.src",
"product_id": "less-0:530-3.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_10.aarch64",
"product": {
"name": "less-0:530-3.el8_10.aarch64",
"product_id": "less-0:530-3.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_10.aarch64",
"product": {
"name": "less-debugsource-0:530-3.el8_10.aarch64",
"product_id": "less-debugsource-0:530-3.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_10.aarch64",
"product": {
"name": "less-debuginfo-0:530-3.el8_10.aarch64",
"product_id": "less-debuginfo-0:530-3.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_10.ppc64le",
"product": {
"name": "less-0:530-3.el8_10.ppc64le",
"product_id": "less-0:530-3.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_10.ppc64le",
"product": {
"name": "less-debugsource-0:530-3.el8_10.ppc64le",
"product_id": "less-debugsource-0:530-3.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_10.ppc64le",
"product": {
"name": "less-debuginfo-0:530-3.el8_10.ppc64le",
"product_id": "less-debuginfo-0:530-3.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_10.x86_64",
"product": {
"name": "less-0:530-3.el8_10.x86_64",
"product_id": "less-0:530-3.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_10.x86_64",
"product": {
"name": "less-debugsource-0:530-3.el8_10.x86_64",
"product_id": "less-debugsource-0:530-3.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_10.x86_64",
"product": {
"name": "less-debuginfo-0:530-3.el8_10.x86_64",
"product_id": "less-debuginfo-0:530-3.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_10.s390x",
"product": {
"name": "less-0:530-3.el8_10.s390x",
"product_id": "less-0:530-3.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_10.s390x",
"product": {
"name": "less-debugsource-0:530-3.el8_10.s390x",
"product_id": "less-debugsource-0:530-3.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_10.s390x",
"product": {
"name": "less-debuginfo-0:530-3.el8_10.s390x",
"product_id": "less-debuginfo-0:530-3.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64"
},
"product_reference": "less-0:530-3.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le"
},
"product_reference": "less-0:530-3.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x"
},
"product_reference": "less-0:530-3.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src"
},
"product_reference": "less-0:530-3.el8_10.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64"
},
"product_reference": "less-0:530-3.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64"
},
"product_reference": "less-debuginfo-0:530-3.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le"
},
"product_reference": "less-debuginfo-0:530-3.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x"
},
"product_reference": "less-debuginfo-0:530-3.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64"
},
"product_reference": "less-debuginfo-0:530-3.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64"
},
"product_reference": "less-debugsource-0:530-3.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le"
},
"product_reference": "less-debugsource-0:530-3.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x"
},
"product_reference": "less-debugsource-0:530-3.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
},
"product_reference": "less-debugsource-0:530-3.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-48624",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265081"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in less. The close_altfile() function in filename.c omits shell_quote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: missing quoting of shell metacharacters in LESSCLOSE handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs the ability to influence the LESSCLOSE environment variable. This requirement makes this CVE a Moderate impact CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-48624"
},
{
"category": "external",
"summary": "RHBZ#2265081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265081"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48624",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48624"
}
],
"release_date": "2024-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-02T15:27:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "less: missing quoting of shell metacharacters in LESSCLOSE handling"
},
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-02T15:27:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4256"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024:4528
Vulnerability from csaf_redhat - Published: 2024-07-15 01:07 - Updated: 2025-11-21 19:06Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4528",
"url": "https://access.redhat.com/errata/RHSA-2024:4528"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4528.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2025-11-21T19:06:06+00:00",
"generator": {
"date": "2025-11-21T19:06:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:4528",
"initial_release_date": "2024-07-15T01:07:09+00:00",
"revision_history": [
{
"date": "2024-07-15T01:07:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-15T01:07:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:06:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.0::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-2.el9_0.src",
"product": {
"name": "less-0:590-2.el9_0.src",
"product_id": "less-0:590-2.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-2.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-2.el9_0.aarch64",
"product": {
"name": "less-0:590-2.el9_0.aarch64",
"product_id": "less-0:590-2.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-2.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-2.el9_0.aarch64",
"product": {
"name": "less-debugsource-0:590-2.el9_0.aarch64",
"product_id": "less-debugsource-0:590-2.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-2.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-2.el9_0.aarch64",
"product": {
"name": "less-debuginfo-0:590-2.el9_0.aarch64",
"product_id": "less-debuginfo-0:590-2.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-2.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-2.el9_0.ppc64le",
"product": {
"name": "less-0:590-2.el9_0.ppc64le",
"product_id": "less-0:590-2.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-2.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-2.el9_0.ppc64le",
"product": {
"name": "less-debugsource-0:590-2.el9_0.ppc64le",
"product_id": "less-debugsource-0:590-2.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-2.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-2.el9_0.ppc64le",
"product": {
"name": "less-debuginfo-0:590-2.el9_0.ppc64le",
"product_id": "less-debuginfo-0:590-2.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-2.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-2.el9_0.x86_64",
"product": {
"name": "less-0:590-2.el9_0.x86_64",
"product_id": "less-0:590-2.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-2.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-2.el9_0.x86_64",
"product": {
"name": "less-debugsource-0:590-2.el9_0.x86_64",
"product_id": "less-debugsource-0:590-2.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-2.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-2.el9_0.x86_64",
"product": {
"name": "less-debuginfo-0:590-2.el9_0.x86_64",
"product_id": "less-debuginfo-0:590-2.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-2.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-2.el9_0.s390x",
"product": {
"name": "less-0:590-2.el9_0.s390x",
"product_id": "less-0:590-2.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-2.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-2.el9_0.s390x",
"product": {
"name": "less-debugsource-0:590-2.el9_0.s390x",
"product_id": "less-debugsource-0:590-2.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-2.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-2.el9_0.s390x",
"product": {
"name": "less-debuginfo-0:590-2.el9_0.s390x",
"product_id": "less-debuginfo-0:590-2.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-2.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-2.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.aarch64"
},
"product_reference": "less-0:590-2.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-2.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.ppc64le"
},
"product_reference": "less-0:590-2.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-2.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.s390x"
},
"product_reference": "less-0:590-2.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-2.el9_0.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.src"
},
"product_reference": "less-0:590-2.el9_0.src",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-2.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.x86_64"
},
"product_reference": "less-0:590-2.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-2.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.aarch64"
},
"product_reference": "less-debuginfo-0:590-2.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-2.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.ppc64le"
},
"product_reference": "less-debuginfo-0:590-2.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-2.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.s390x"
},
"product_reference": "less-debuginfo-0:590-2.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-2.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.x86_64"
},
"product_reference": "less-debuginfo-0:590-2.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-2.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.aarch64"
},
"product_reference": "less-debugsource-0:590-2.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-2.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.ppc64le"
},
"product_reference": "less-debugsource-0:590-2.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-2.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.s390x"
},
"product_reference": "less-debugsource-0:590-2.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-2.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.x86_64"
},
"product_reference": "less-debugsource-0:590-2.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.src",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-15T01:07:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.src",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4528"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.src",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.src",
"BaseOS-9.0.0.Z.E4S:less-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debuginfo-0:590-2.el9_0.x86_64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.aarch64",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.ppc64le",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.s390x",
"BaseOS-9.0.0.Z.E4S:less-debugsource-0:590-2.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024_4418
Vulnerability from csaf_redhat - Published: 2024-07-09 10:04 - Updated: 2024-11-24 15:52Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4418",
"url": "https://access.redhat.com/errata/RHSA-2024:4418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4418.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2024-11-24T15:52:02+00:00",
"generator": {
"date": "2024-11-24T15:52:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:4418",
"initial_release_date": "2024-07-09T10:04:57+00:00",
"revision_history": [
{
"date": "2024-07-09T10:04:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-09T10:04:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T15:52:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_6.src",
"product": {
"name": "less-0:530-3.el8_6.src",
"product_id": "less-0:530-3.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_6.x86_64",
"product": {
"name": "less-0:530-3.el8_6.x86_64",
"product_id": "less-0:530-3.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_6.x86_64",
"product": {
"name": "less-debugsource-0:530-3.el8_6.x86_64",
"product_id": "less-debugsource-0:530-3.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_6.x86_64",
"product": {
"name": "less-debuginfo-0:530-3.el8_6.x86_64",
"product_id": "less-debuginfo-0:530-3.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_6.aarch64",
"product": {
"name": "less-0:530-3.el8_6.aarch64",
"product_id": "less-0:530-3.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_6.aarch64",
"product": {
"name": "less-debugsource-0:530-3.el8_6.aarch64",
"product_id": "less-debugsource-0:530-3.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_6.aarch64",
"product": {
"name": "less-debuginfo-0:530-3.el8_6.aarch64",
"product_id": "less-debuginfo-0:530-3.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_6.ppc64le",
"product": {
"name": "less-0:530-3.el8_6.ppc64le",
"product_id": "less-0:530-3.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_6.ppc64le",
"product": {
"name": "less-debugsource-0:530-3.el8_6.ppc64le",
"product_id": "less-debugsource-0:530-3.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_6.ppc64le",
"product": {
"name": "less-debuginfo-0:530-3.el8_6.ppc64le",
"product_id": "less-debuginfo-0:530-3.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_6.s390x",
"product": {
"name": "less-0:530-3.el8_6.s390x",
"product_id": "less-0:530-3.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_6.s390x",
"product": {
"name": "less-debugsource-0:530-3.el8_6.s390x",
"product_id": "less-debugsource-0:530-3.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_6.s390x",
"product": {
"name": "less-debuginfo-0:530-3.el8_6.s390x",
"product_id": "less-debuginfo-0:530-3.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.src"
},
"product_reference": "less-0:530-3.el8_6.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.x86_64"
},
"product_reference": "less-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:less-debuginfo-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:less-debugsource-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debugsource-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.aarch64"
},
"product_reference": "less-0:530-3.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.ppc64le"
},
"product_reference": "less-0:530-3.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.s390x"
},
"product_reference": "less-0:530-3.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.src"
},
"product_reference": "less-0:530-3.el8_6.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.x86_64"
},
"product_reference": "less-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.aarch64"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.ppc64le"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.s390x"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.aarch64"
},
"product_reference": "less-debugsource-0:530-3.el8_6.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.ppc64le"
},
"product_reference": "less-debugsource-0:530-3.el8_6.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.s390x"
},
"product_reference": "less-debugsource-0:530-3.el8_6.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debugsource-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.src"
},
"product_reference": "less-0:530-3.el8_6.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.x86_64"
},
"product_reference": "less-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:less-debuginfo-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debuginfo-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:less-debugsource-0:530-3.el8_6.x86_64"
},
"product_reference": "less-debugsource-0:530-3.el8_6.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debugsource-0:530-3.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-09T10:04:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debugsource-0:530-3.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4418"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debugsource-0:530-3.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.AUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.AUS:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.E4S:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.aarch64",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.ppc64le",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.s390x",
"BaseOS-8.6.0.Z.E4S:less-debugsource-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.src",
"BaseOS-8.6.0.Z.TUS:less-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debuginfo-0:530-3.el8_6.x86_64",
"BaseOS-8.6.0.Z.TUS:less-debugsource-0:530-3.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024_3513
Vulnerability from csaf_redhat - Published: 2024-05-30 14:41 - Updated: 2024-11-24 15:50Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3513",
"url": "https://access.redhat.com/errata/RHSA-2024:3513"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3513.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2024-11-24T15:50:37+00:00",
"generator": {
"date": "2024-11-24T15:50:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:3513",
"initial_release_date": "2024-05-30T14:41:50+00:00",
"revision_history": [
{
"date": "2024-05-30T14:41:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-30T14:41:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T15:50:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-4.el9_4.src",
"product": {
"name": "less-0:590-4.el9_4.src",
"product_id": "less-0:590-4.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-4.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-4.el9_4.aarch64",
"product": {
"name": "less-0:590-4.el9_4.aarch64",
"product_id": "less-0:590-4.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-4.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-4.el9_4.aarch64",
"product": {
"name": "less-debugsource-0:590-4.el9_4.aarch64",
"product_id": "less-debugsource-0:590-4.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-4.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-4.el9_4.aarch64",
"product": {
"name": "less-debuginfo-0:590-4.el9_4.aarch64",
"product_id": "less-debuginfo-0:590-4.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-4.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-4.el9_4.ppc64le",
"product": {
"name": "less-0:590-4.el9_4.ppc64le",
"product_id": "less-0:590-4.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-4.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-4.el9_4.ppc64le",
"product": {
"name": "less-debugsource-0:590-4.el9_4.ppc64le",
"product_id": "less-debugsource-0:590-4.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-4.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-4.el9_4.ppc64le",
"product": {
"name": "less-debuginfo-0:590-4.el9_4.ppc64le",
"product_id": "less-debuginfo-0:590-4.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-4.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-4.el9_4.x86_64",
"product": {
"name": "less-0:590-4.el9_4.x86_64",
"product_id": "less-0:590-4.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-4.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-4.el9_4.x86_64",
"product": {
"name": "less-debugsource-0:590-4.el9_4.x86_64",
"product_id": "less-debugsource-0:590-4.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-4.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-4.el9_4.x86_64",
"product": {
"name": "less-debuginfo-0:590-4.el9_4.x86_64",
"product_id": "less-debuginfo-0:590-4.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-4.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-4.el9_4.s390x",
"product": {
"name": "less-0:590-4.el9_4.s390x",
"product_id": "less-0:590-4.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-4.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-4.el9_4.s390x",
"product": {
"name": "less-debugsource-0:590-4.el9_4.s390x",
"product_id": "less-debugsource-0:590-4.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-4.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-4.el9_4.s390x",
"product": {
"name": "less-debuginfo-0:590-4.el9_4.s390x",
"product_id": "less-debuginfo-0:590-4.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-4.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-4.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.aarch64"
},
"product_reference": "less-0:590-4.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-4.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.ppc64le"
},
"product_reference": "less-0:590-4.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-4.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.s390x"
},
"product_reference": "less-0:590-4.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-4.el9_4.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.src"
},
"product_reference": "less-0:590-4.el9_4.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-4.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.x86_64"
},
"product_reference": "less-0:590-4.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-4.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.aarch64"
},
"product_reference": "less-debuginfo-0:590-4.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-4.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.ppc64le"
},
"product_reference": "less-debuginfo-0:590-4.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-4.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.s390x"
},
"product_reference": "less-debuginfo-0:590-4.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-4.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.x86_64"
},
"product_reference": "less-debuginfo-0:590-4.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-4.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.aarch64"
},
"product_reference": "less-debugsource-0:590-4.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-4.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.ppc64le"
},
"product_reference": "less-debugsource-0:590-4.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-4.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.s390x"
},
"product_reference": "less-debugsource-0:590-4.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-4.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.x86_64"
},
"product_reference": "less-debugsource-0:590-4.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.src",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T14:41:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.src",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3513"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.src",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.src",
"BaseOS-9.4.0.Z.MAIN.EUS:less-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debuginfo-0:590-4.el9_4.x86_64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.aarch64",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.ppc64le",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.s390x",
"BaseOS-9.4.0.Z.MAIN.EUS:less-debugsource-0:590-4.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024:4529
Vulnerability from csaf_redhat - Published: 2024-07-15 01:12 - Updated: 2025-11-21 19:06Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4529",
"url": "https://access.redhat.com/errata/RHSA-2024:4529"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4529.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2025-11-21T19:06:10+00:00",
"generator": {
"date": "2025-11-21T19:06:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:4529",
"initial_release_date": "2024-07-15T01:12:10+00:00",
"revision_history": [
{
"date": "2024-07-15T01:12:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-15T01:12:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:06:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-3.el9_2.src",
"product": {
"name": "less-0:590-3.el9_2.src",
"product_id": "less-0:590-3.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-3.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-3.el9_2.aarch64",
"product": {
"name": "less-0:590-3.el9_2.aarch64",
"product_id": "less-0:590-3.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-3.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-3.el9_2.aarch64",
"product": {
"name": "less-debugsource-0:590-3.el9_2.aarch64",
"product_id": "less-debugsource-0:590-3.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-3.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-3.el9_2.aarch64",
"product": {
"name": "less-debuginfo-0:590-3.el9_2.aarch64",
"product_id": "less-debuginfo-0:590-3.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-3.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-3.el9_2.ppc64le",
"product": {
"name": "less-0:590-3.el9_2.ppc64le",
"product_id": "less-0:590-3.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-3.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-3.el9_2.ppc64le",
"product": {
"name": "less-debugsource-0:590-3.el9_2.ppc64le",
"product_id": "less-debugsource-0:590-3.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-3.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-3.el9_2.ppc64le",
"product": {
"name": "less-debuginfo-0:590-3.el9_2.ppc64le",
"product_id": "less-debuginfo-0:590-3.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-3.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-3.el9_2.x86_64",
"product": {
"name": "less-0:590-3.el9_2.x86_64",
"product_id": "less-0:590-3.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-3.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-3.el9_2.x86_64",
"product": {
"name": "less-debugsource-0:590-3.el9_2.x86_64",
"product_id": "less-debugsource-0:590-3.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-3.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-3.el9_2.x86_64",
"product": {
"name": "less-debuginfo-0:590-3.el9_2.x86_64",
"product_id": "less-debuginfo-0:590-3.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-3.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:590-3.el9_2.s390x",
"product": {
"name": "less-0:590-3.el9_2.s390x",
"product_id": "less-0:590-3.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@590-3.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:590-3.el9_2.s390x",
"product": {
"name": "less-debugsource-0:590-3.el9_2.s390x",
"product_id": "less-debugsource-0:590-3.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@590-3.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:590-3.el9_2.s390x",
"product": {
"name": "less-debuginfo-0:590-3.el9_2.s390x",
"product_id": "less-debuginfo-0:590-3.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@590-3.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-3.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.aarch64"
},
"product_reference": "less-0:590-3.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-3.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.ppc64le"
},
"product_reference": "less-0:590-3.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-3.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.s390x"
},
"product_reference": "less-0:590-3.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-3.el9_2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.src"
},
"product_reference": "less-0:590-3.el9_2.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:590-3.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.x86_64"
},
"product_reference": "less-0:590-3.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-3.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.aarch64"
},
"product_reference": "less-debuginfo-0:590-3.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-3.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.ppc64le"
},
"product_reference": "less-debuginfo-0:590-3.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-3.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.s390x"
},
"product_reference": "less-debuginfo-0:590-3.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:590-3.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.x86_64"
},
"product_reference": "less-debuginfo-0:590-3.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-3.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.aarch64"
},
"product_reference": "less-debugsource-0:590-3.el9_2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-3.el9_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.ppc64le"
},
"product_reference": "less-debugsource-0:590-3.el9_2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-3.el9_2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.s390x"
},
"product_reference": "less-debugsource-0:590-3.el9_2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:590-3.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.x86_64"
},
"product_reference": "less-debugsource-0:590-3.el9_2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.src",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-15T01:12:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.src",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4529"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.src",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.src",
"BaseOS-9.2.0.Z.EUS:less-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debuginfo-0:590-3.el9_2.x86_64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.aarch64",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.ppc64le",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.s390x",
"BaseOS-9.2.0.Z.EUS:less-debugsource-0:590-3.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024:4416
Vulnerability from csaf_redhat - Published: 2024-07-09 10:03 - Updated: 2025-11-21 19:05Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4416",
"url": "https://access.redhat.com/errata/RHSA-2024:4416"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4416.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2025-11-21T19:05:43+00:00",
"generator": {
"date": "2025-11-21T19:05:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:4416",
"initial_release_date": "2024-07-09T10:03:01+00:00",
"revision_history": [
{
"date": "2024-07-09T10:03:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-09T10:03:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:05:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-2.el8_4.src",
"product": {
"name": "less-0:530-2.el8_4.src",
"product_id": "less-0:530-2.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-2.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-2.el8_4.x86_64",
"product": {
"name": "less-0:530-2.el8_4.x86_64",
"product_id": "less-0:530-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-2.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-2.el8_4.x86_64",
"product": {
"name": "less-debugsource-0:530-2.el8_4.x86_64",
"product_id": "less-debugsource-0:530-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-2.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-2.el8_4.x86_64",
"product": {
"name": "less-debuginfo-0:530-2.el8_4.x86_64",
"product_id": "less-debuginfo-0:530-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-2.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-2.el8_4.ppc64le",
"product": {
"name": "less-0:530-2.el8_4.ppc64le",
"product_id": "less-0:530-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-2.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-2.el8_4.ppc64le",
"product": {
"name": "less-debugsource-0:530-2.el8_4.ppc64le",
"product_id": "less-debugsource-0:530-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-2.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-2.el8_4.ppc64le",
"product": {
"name": "less-debuginfo-0:530-2.el8_4.ppc64le",
"product_id": "less-debuginfo-0:530-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-2.el8_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.src"
},
"product_reference": "less-0:530-2.el8_4.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.x86_64"
},
"product_reference": "less-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:less-debuginfo-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debuginfo-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:less-debugsource-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debugsource-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.ppc64le"
},
"product_reference": "less-0:530-2.el8_4.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.src"
},
"product_reference": "less-0:530-2.el8_4.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.x86_64"
},
"product_reference": "less-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.ppc64le"
},
"product_reference": "less-debuginfo-0:530-2.el8_4.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debuginfo-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.ppc64le"
},
"product_reference": "less-debugsource-0:530-2.el8_4.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debugsource-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.src"
},
"product_reference": "less-0:530-2.el8_4.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.x86_64"
},
"product_reference": "less-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.TUS:less-debuginfo-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debuginfo-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.TUS:less-debugsource-0:530-2.el8_4.x86_64"
},
"product_reference": "less-debugsource-0:530-2.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debugsource-0:530-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-09T10:03:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debugsource-0:530-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4416"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debugsource-0:530-2.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.AUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.E4S:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.ppc64le",
"BaseOS-8.4.0.Z.E4S:less-debugsource-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.src",
"BaseOS-8.4.0.Z.TUS:less-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debuginfo-0:530-2.el8_4.x86_64",
"BaseOS-8.4.0.Z.TUS:less-debugsource-0:530-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024_3669
Vulnerability from csaf_redhat - Published: 2024-06-06 09:37 - Updated: 2024-11-24 15:50Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows
users to move backwards in the file as well as forwards. Since "less" does not
read the entire input file at startup, it also starts more quickly than ordinary
text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows\nusers to move backwards in the file as well as forwards. Since \"less\" does not\nread the entire input file at startup, it also starts more quickly than ordinary\ntext editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3669",
"url": "https://access.redhat.com/errata/RHSA-2024:3669"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3669.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2024-11-24T15:50:51+00:00",
"generator": {
"date": "2024-11-24T15:50:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:3669",
"initial_release_date": "2024-06-06T09:37:49+00:00",
"revision_history": [
{
"date": "2024-06-06T09:37:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-06T09:37:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T15:50:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:458-10.el7_9.src",
"product": {
"name": "less-0:458-10.el7_9.src",
"product_id": "less-0:458-10.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@458-10.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:458-10.el7_9.x86_64",
"product": {
"name": "less-0:458-10.el7_9.x86_64",
"product_id": "less-0:458-10.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@458-10.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:458-10.el7_9.x86_64",
"product": {
"name": "less-debuginfo-0:458-10.el7_9.x86_64",
"product_id": "less-debuginfo-0:458-10.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@458-10.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:458-10.el7_9.ppc64le",
"product": {
"name": "less-0:458-10.el7_9.ppc64le",
"product_id": "less-0:458-10.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@458-10.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:458-10.el7_9.ppc64le",
"product": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64le",
"product_id": "less-debuginfo-0:458-10.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@458-10.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:458-10.el7_9.ppc64",
"product": {
"name": "less-0:458-10.el7_9.ppc64",
"product_id": "less-0:458-10.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@458-10.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:458-10.el7_9.ppc64",
"product": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64",
"product_id": "less-debuginfo-0:458-10.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@458-10.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:458-10.el7_9.s390x",
"product": {
"name": "less-0:458-10.el7_9.s390x",
"product_id": "less-0:458-10.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@458-10.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:458-10.el7_9.s390x",
"product": {
"name": "less-debuginfo-0:458-10.el7_9.s390x",
"product_id": "less-debuginfo-0:458-10.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@458-10.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-0:458-10.el7_9.ppc64"
},
"product_reference": "less-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-0:458-10.el7_9.s390x"
},
"product_reference": "less-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-0:458-10.el7_9.src"
},
"product_reference": "less-0:458-10.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-0:458-10.el7_9.x86_64"
},
"product_reference": "less-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-0:458-10.el7_9.ppc64"
},
"product_reference": "less-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-0:458-10.el7_9.s390x"
},
"product_reference": "less-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-0:458-10.el7_9.src"
},
"product_reference": "less-0:458-10.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-0:458-10.el7_9.x86_64"
},
"product_reference": "less-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64"
},
"product_reference": "less-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-0:458-10.el7_9.s390x"
},
"product_reference": "less-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-0:458-10.el7_9.src"
},
"product_reference": "less-0:458-10.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-0:458-10.el7_9.x86_64"
},
"product_reference": "less-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:458-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
},
"product_reference": "less-debuginfo-0:458-10.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-0:458-10.el7_9.src",
"7Client-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-0:458-10.el7_9.src",
"7Server-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-0:458-10.el7_9.src",
"7Workstation-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-06T09:37:49+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-0:458-10.el7_9.src",
"7Client-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-0:458-10.el7_9.src",
"7Server-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-0:458-10.el7_9.src",
"7Workstation-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3669"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-0:458-10.el7_9.src",
"7Client-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-0:458-10.el7_9.src",
"7Server-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-0:458-10.el7_9.src",
"7Workstation-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-0:458-10.el7_9.src",
"7Client-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Client-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-0:458-10.el7_9.src",
"7Server-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Server-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-0:458-10.el7_9.src",
"7Workstation-7.9.Z:less-0:458-10.el7_9.x86_64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.ppc64le",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.s390x",
"7Workstation-7.9.Z:less-debuginfo-0:458-10.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
RHSA-2024:4256
Vulnerability from csaf_redhat - Published: 2024-07-02 15:27 - Updated: 2025-11-21 19:05Summary
Red Hat Security Advisory: less security update
Notes
Topic
An update for less is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
* less: missing quoting of shell metacharacters in LESSCLOSE handling (CVE-2022-48624)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for less is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.\n\nSecurity Fix(es):\n\n* less: OS command injection (CVE-2024-32487)\n\n* less: missing quoting of shell metacharacters in LESSCLOSE handling (CVE-2022-48624)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4256",
"url": "https://access.redhat.com/errata/RHSA-2024:4256"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2265081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265081"
},
{
"category": "external",
"summary": "2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4256.json"
}
],
"title": "Red Hat Security Advisory: less security update",
"tracking": {
"current_release_date": "2025-11-21T19:05:04+00:00",
"generator": {
"date": "2025-11-21T19:05:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:4256",
"initial_release_date": "2024-07-02T15:27:33+00:00",
"revision_history": [
{
"date": "2024-07-02T15:27:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-02T15:27:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:05:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_10.src",
"product": {
"name": "less-0:530-3.el8_10.src",
"product_id": "less-0:530-3.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_10.aarch64",
"product": {
"name": "less-0:530-3.el8_10.aarch64",
"product_id": "less-0:530-3.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_10.aarch64",
"product": {
"name": "less-debugsource-0:530-3.el8_10.aarch64",
"product_id": "less-debugsource-0:530-3.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_10.aarch64",
"product": {
"name": "less-debuginfo-0:530-3.el8_10.aarch64",
"product_id": "less-debuginfo-0:530-3.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_10.ppc64le",
"product": {
"name": "less-0:530-3.el8_10.ppc64le",
"product_id": "less-0:530-3.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_10.ppc64le",
"product": {
"name": "less-debugsource-0:530-3.el8_10.ppc64le",
"product_id": "less-debugsource-0:530-3.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_10.ppc64le",
"product": {
"name": "less-debuginfo-0:530-3.el8_10.ppc64le",
"product_id": "less-debuginfo-0:530-3.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_10.x86_64",
"product": {
"name": "less-0:530-3.el8_10.x86_64",
"product_id": "less-0:530-3.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_10.x86_64",
"product": {
"name": "less-debugsource-0:530-3.el8_10.x86_64",
"product_id": "less-debugsource-0:530-3.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_10.x86_64",
"product": {
"name": "less-debuginfo-0:530-3.el8_10.x86_64",
"product_id": "less-debuginfo-0:530-3.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-0:530-3.el8_10.s390x",
"product": {
"name": "less-0:530-3.el8_10.s390x",
"product_id": "less-0:530-3.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less@530-3.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debugsource-0:530-3.el8_10.s390x",
"product": {
"name": "less-debugsource-0:530-3.el8_10.s390x",
"product_id": "less-debugsource-0:530-3.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debugsource@530-3.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "less-debuginfo-0:530-3.el8_10.s390x",
"product": {
"name": "less-debuginfo-0:530-3.el8_10.s390x",
"product_id": "less-debuginfo-0:530-3.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/less-debuginfo@530-3.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64"
},
"product_reference": "less-0:530-3.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le"
},
"product_reference": "less-0:530-3.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x"
},
"product_reference": "less-0:530-3.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src"
},
"product_reference": "less-0:530-3.el8_10.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-0:530-3.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64"
},
"product_reference": "less-0:530-3.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64"
},
"product_reference": "less-debuginfo-0:530-3.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le"
},
"product_reference": "less-debuginfo-0:530-3.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x"
},
"product_reference": "less-debuginfo-0:530-3.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debuginfo-0:530-3.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64"
},
"product_reference": "less-debuginfo-0:530-3.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64"
},
"product_reference": "less-debugsource-0:530-3.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le"
},
"product_reference": "less-debugsource-0:530-3.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x"
},
"product_reference": "less-debugsource-0:530-3.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-debugsource-0:530-3.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
},
"product_reference": "less-debugsource-0:530-3.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-48624",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265081"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in less. The close_altfile() function in filename.c omits shell_quote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: missing quoting of shell metacharacters in LESSCLOSE handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs the ability to influence the LESSCLOSE environment variable. This requirement makes this CVE a Moderate impact CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-48624"
},
{
"category": "external",
"summary": "RHBZ#2265081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265081"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48624",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48624"
}
],
"release_date": "2024-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-02T15:27:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "less: missing quoting of shell metacharacters in LESSCLOSE handling"
},
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274980"
}
],
"notes": [
{
"category": "description",
"text": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "less: OS command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "RHBZ#2274980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"release_date": "2024-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-02T15:27:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4256"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:less-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debuginfo-0:530-3.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:less-debugsource-0:530-3.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "less: OS command injection"
}
]
}
GSD-2024-32487
Vulnerability from gsd - Updated: 2024-04-14 05:01Details
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-32487"
],
"details": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
"id": "GSD-2024-32487",
"modified": "2024-04-14T05:01:53.601837Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-32487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2024/04/13/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"name": "https://www.openwall.com/lists/oss-security/2024/04/12/5",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"name": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33",
"refsource": "MISC",
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases."
},
{
"lang": "es",
"value": "less hasta 653 permite la ejecuci\u00f3n de comandos del sistema operativo mediante un car\u00e1cter de nueva l\u00ednea en el nombre de un archivo, porque las comillas se manejan mal en filename.c. La explotaci\u00f3n normalmente requiere el uso de nombres de archivos controlados por el atacante, como los archivos extra\u00eddos de un archivo que no es de confianza. La explotaci\u00f3n tambi\u00e9n requiere la variable de entorno LESSOPEN, pero est\u00e1 configurada de forma predeterminada en muchos casos comunes."
}
],
"id": "CVE-2024-32487",
"lastModified": "2024-04-15T13:15:31.997",
"metrics": {},
"published": "2024-04-13T15:15:52.683",
"references": [
{
"source": "cve@mitre.org",
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"source": "cve@mitre.org",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"source": "cve@mitre.org",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
WID-SEC-W-2025-0225
Vulnerability from csaf_certbund - Published: 2025-01-30 23:00 - Updated: 2025-04-09 22:00Summary
Dell PowerProtect Data Domain: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Dell PowerProtect Data Domain Appliances sind speziell für Backup und Daten-Deduplizierung ausgelegte Systeme.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Dell PowerProtect Data Domain ausnutzen, um erhöhte Rechte zu erlangen, einen Denial-of-Service-Zustand herbeizuführen und einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Dell PowerProtect Data Domain Appliances sind speziell f\u00fcr Backup und Daten-Deduplizierung ausgelegte Systeme.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Dell PowerProtect Data Domain ausnutzen, um erh\u00f6hte Rechte zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0225 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0225.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0225 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0225"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-022 vom 2025-01-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2804 vom 2025-04-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2804.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7429-2 vom 2025-04-09",
"url": "https://ubuntu.com/security/notices/USN-7429-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7429-1 vom 2025-04-09",
"url": "https://ubuntu.com/security/notices/USN-7429-1"
}
],
"source_lang": "en-US",
"title": "Dell PowerProtect Data Domain: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-09T22:00:00.000+00:00",
"generator": {
"date": "2025-04-10T08:15:47.247+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0225",
"initial_release_date": "2025-01-30T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-30T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-04-09T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.3.0.0",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.3.0.0",
"product_id": "T040718"
}
},
{
"category": "product_version",
"name": "8.3.0.0",
"product": {
"name": "Dell PowerProtect Data Domain 8.3.0.0",
"product_id": "T040718-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.3.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.13.1.20",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.13.1.20",
"product_id": "T040719"
}
},
{
"category": "product_version",
"name": "7.13.1.20",
"product": {
"name": "Dell PowerProtect Data Domain 7.13.1.20",
"product_id": "T040719-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.13.1.20"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.10.1.50",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.10.1.50",
"product_id": "T040721"
}
},
{
"category": "product_version",
"name": "7.10.1.50",
"product": {
"name": "Dell PowerProtect Data Domain 7.10.1.50",
"product_id": "T040721-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.10.1.50"
}
}
}
],
"category": "product_name",
"name": "PowerProtect Data Domain"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-4235",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2013-4235"
},
{
"cve": "CVE-2015-8100",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2015-8100"
},
{
"cve": "CVE-2017-9271",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2017-9271"
},
{
"cve": "CVE-2018-6798",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2018-6798"
},
{
"cve": "CVE-2018-6913",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2018-6913"
},
{
"cve": "CVE-2019-20633",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2019-20633"
},
{
"cve": "CVE-2019-20892",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2019-20892"
},
{
"cve": "CVE-2020-12762",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2020-12762"
},
{
"cve": "CVE-2020-15861",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2020-15861"
},
{
"cve": "CVE-2020-15862",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2020-15862"
},
{
"cve": "CVE-2021-3521",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-3521"
},
{
"cve": "CVE-2021-37750",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-37750"
},
{
"cve": "CVE-2021-46933",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-46933"
},
{
"cve": "CVE-2021-46955",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-46955"
},
{
"cve": "CVE-2021-47074",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-47074"
},
{
"cve": "CVE-2021-47113",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-47113"
},
{
"cve": "CVE-2021-47131",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-47131"
},
{
"cve": "CVE-2021-47162",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-47162"
},
{
"cve": "CVE-2021-47171",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-47171"
},
{
"cve": "CVE-2021-47188",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-47188"
},
{
"cve": "CVE-2021-47206",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-47206"
},
{
"cve": "CVE-2021-47220",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-47220"
},
{
"cve": "CVE-2021-47229",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-47229"
},
{
"cve": "CVE-2021-47231",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-47231"
},
{
"cve": "CVE-2021-47235",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2021-47235"
},
{
"cve": "CVE-2022-2601",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2022-2601"
},
{
"cve": "CVE-2022-3775",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2022-3775"
},
{
"cve": "CVE-2022-44792",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2022-44792"
},
{
"cve": "CVE-2022-44793",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2022-44793"
},
{
"cve": "CVE-2022-48566",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2022-48566"
},
{
"cve": "CVE-2023-27043",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-28074",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-28074"
},
{
"cve": "CVE-2023-3164",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-3164"
},
{
"cve": "CVE-2023-36632",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-36632"
},
{
"cve": "CVE-2023-4421",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-4421"
},
{
"cve": "CVE-2023-44487",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45288",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2023-45733",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-45733"
},
{
"cve": "CVE-2023-45745",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-45745"
},
{
"cve": "CVE-2023-45918",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-45918"
},
{
"cve": "CVE-2023-46103",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-46103"
},
{
"cve": "CVE-2023-4692",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-4692"
},
{
"cve": "CVE-2023-47233",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-47233"
},
{
"cve": "CVE-2023-47855",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-47855"
},
{
"cve": "CVE-2023-49083",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-49083"
},
{
"cve": "CVE-2023-50782",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-50782"
},
{
"cve": "CVE-2023-52425",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2023-52428",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2023-52527",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52527"
},
{
"cve": "CVE-2023-52586",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52586"
},
{
"cve": "CVE-2023-52591",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52591"
},
{
"cve": "CVE-2023-52646",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52646"
},
{
"cve": "CVE-2023-52653",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52653"
},
{
"cve": "CVE-2023-52655",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52655"
},
{
"cve": "CVE-2023-52664",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52664"
},
{
"cve": "CVE-2023-52685",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52685"
},
{
"cve": "CVE-2023-52686",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52686"
},
{
"cve": "CVE-2023-52691",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52691"
},
{
"cve": "CVE-2023-52696",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52696"
},
{
"cve": "CVE-2023-52698",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52698"
},
{
"cve": "CVE-2023-52703",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52703"
},
{
"cve": "CVE-2023-52730",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52730"
},
{
"cve": "CVE-2023-52732",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52732"
},
{
"cve": "CVE-2023-52741",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52741"
},
{
"cve": "CVE-2023-52742",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52742"
},
{
"cve": "CVE-2023-52747",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52747"
},
{
"cve": "CVE-2023-52759",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52759"
},
{
"cve": "CVE-2023-52774",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52774"
},
{
"cve": "CVE-2023-52781",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52781"
},
{
"cve": "CVE-2023-52796",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52796"
},
{
"cve": "CVE-2023-52803",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52803"
},
{
"cve": "CVE-2023-52821",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52821"
},
{
"cve": "CVE-2023-52864",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52864"
},
{
"cve": "CVE-2023-52865",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52865"
},
{
"cve": "CVE-2023-52867",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52867"
},
{
"cve": "CVE-2023-52875",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52875"
},
{
"cve": "CVE-2023-52880",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-52880"
},
{
"cve": "CVE-2023-5388",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-5388"
},
{
"cve": "CVE-2023-5752",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-5752"
},
{
"cve": "CVE-2023-5992",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-5992"
},
{
"cve": "CVE-2023-6597",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2023-6597"
},
{
"cve": "CVE-2024-0397",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-0450",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-0639",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-0639"
},
{
"cve": "CVE-2024-0727",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-0727"
},
{
"cve": "CVE-2024-1737",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-1737"
},
{
"cve": "CVE-2024-1975",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-1975"
},
{
"cve": "CVE-2024-2004",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-2004"
},
{
"cve": "CVE-2024-20696",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-20696"
},
{
"cve": "CVE-2024-22195",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-22195"
},
{
"cve": "CVE-2024-2398",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-2398"
},
{
"cve": "CVE-2024-24577",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-24577"
},
{
"cve": "CVE-2024-24790",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-24790"
},
{
"cve": "CVE-2024-2511",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-25710",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26130",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26458",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26458"
},
{
"cve": "CVE-2024-26461",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26461"
},
{
"cve": "CVE-2024-26625",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26625"
},
{
"cve": "CVE-2024-26739",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26739"
},
{
"cve": "CVE-2024-26752",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26752"
},
{
"cve": "CVE-2024-26775",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26775"
},
{
"cve": "CVE-2024-26791",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26791"
},
{
"cve": "CVE-2024-26828",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26828"
},
{
"cve": "CVE-2024-26846",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26846"
},
{
"cve": "CVE-2024-26874",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26874"
},
{
"cve": "CVE-2024-26876",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26876"
},
{
"cve": "CVE-2024-26900",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26900"
},
{
"cve": "CVE-2024-26915",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26915"
},
{
"cve": "CVE-2024-26920",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26920"
},
{
"cve": "CVE-2024-26921",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26921"
},
{
"cve": "CVE-2024-26929",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26929"
},
{
"cve": "CVE-2024-26930",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26930"
},
{
"cve": "CVE-2024-26931",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26931"
},
{
"cve": "CVE-2024-26934",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26934"
},
{
"cve": "CVE-2024-26957",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26957"
},
{
"cve": "CVE-2024-26958",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26958"
},
{
"cve": "CVE-2024-26984",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26984"
},
{
"cve": "CVE-2024-26996",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-26996"
},
{
"cve": "CVE-2024-27008",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-27008"
},
{
"cve": "CVE-2024-27054",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-27054"
},
{
"cve": "CVE-2024-27059",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-27059"
},
{
"cve": "CVE-2024-27062",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-27062"
},
{
"cve": "CVE-2024-27388",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-27388"
},
{
"cve": "CVE-2024-27396",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-27396"
},
{
"cve": "CVE-2024-27398",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-27398"
},
{
"cve": "CVE-2024-27401",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-27401"
},
{
"cve": "CVE-2024-27419",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-27419"
},
{
"cve": "CVE-2024-27436",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-27436"
},
{
"cve": "CVE-2024-28085",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-28085"
},
{
"cve": "CVE-2024-28182",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-2961",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-32487",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-32487"
},
{
"cve": "CVE-2024-33599",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-33599"
},
{
"cve": "CVE-2024-33600",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-33600"
},
{
"cve": "CVE-2024-33601",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-33601"
},
{
"cve": "CVE-2024-33602",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-33871",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-33871"
},
{
"cve": "CVE-2024-34062",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-34062"
},
{
"cve": "CVE-2024-34064",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-34459",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-34459"
},
{
"cve": "CVE-2024-35195",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2024-35235",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35235"
},
{
"cve": "CVE-2024-35789",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35789"
},
{
"cve": "CVE-2024-35791",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35791"
},
{
"cve": "CVE-2024-35809",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35809"
},
{
"cve": "CVE-2024-35811",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35811"
},
{
"cve": "CVE-2024-35830",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35830"
},
{
"cve": "CVE-2024-35849",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35849"
},
{
"cve": "CVE-2024-35877",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35877"
},
{
"cve": "CVE-2024-35878",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35878"
},
{
"cve": "CVE-2024-35887",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35887"
},
{
"cve": "CVE-2024-35895",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35895"
},
{
"cve": "CVE-2024-35914",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35914"
},
{
"cve": "CVE-2024-35932",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35932"
},
{
"cve": "CVE-2024-35935",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35935"
},
{
"cve": "CVE-2024-35936",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35936"
},
{
"cve": "CVE-2024-35944",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35944"
},
{
"cve": "CVE-2024-35955",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35955"
},
{
"cve": "CVE-2024-35969",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35969"
},
{
"cve": "CVE-2024-35982",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-35982"
},
{
"cve": "CVE-2024-36015",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-36015"
},
{
"cve": "CVE-2024-36029",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-36029"
},
{
"cve": "CVE-2024-3651",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-3651"
},
{
"cve": "CVE-2024-36954",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-36954"
},
{
"cve": "CVE-2024-37370",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-37370"
},
{
"cve": "CVE-2024-37371",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-37891",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38428",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-38428"
},
{
"cve": "CVE-2024-39689",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-39689"
},
{
"cve": "CVE-2024-4032",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-41110",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-41110"
},
{
"cve": "CVE-2024-4317",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-4317"
},
{
"cve": "CVE-2024-4741",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-4741"
},
{
"cve": "CVE-2024-5206",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-5206"
},
{
"cve": "CVE-2024-5535",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-6232",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-6345",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-6345"
},
{
"cve": "CVE-2024-6655",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-6655"
},
{
"cve": "CVE-2024-7264",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-7264"
},
{
"cve": "CVE-2024-7592",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-53295",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-53295"
},
{
"cve": "CVE-2024-51534",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-51534"
},
{
"cve": "CVE-2024-53296",
"product_status": {
"known_affected": [
"T040719",
"T040718",
"T000126",
"T040721",
"398363"
]
},
"release_date": "2025-01-30T23:00:00.000+00:00",
"title": "CVE-2024-53296"
}
]
}
WID-SEC-W-2024-0880
Vulnerability from csaf_certbund - Published: 2024-04-14 22:00 - Updated: 2025-06-15 22:00Summary
less: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
"less" ist ein Kommandozeilen-Textbetrachter für Linux, mit dem der Benutzer den Inhalt einer Datei anzeigen und durch Vor- und Zurückblättern in der Datei navigieren kann.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in less ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "\"less\" ist ein Kommandozeilen-Textbetrachter f\u00fcr Linux, mit dem der Benutzer den Inhalt einer Datei anzeigen und durch Vor- und Zur\u00fcckbl\u00e4ttern in der Datei navigieren kann.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in less ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0880 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0880.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0880 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0880"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2024-04-14",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274980"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2024-04-14",
"url": "https://github.com/advisories/GHSA-f53j-pgm5-c4r3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6756-1 vom 2024-04-29",
"url": "https://ubuntu.com/security/notices/USN-6756-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5679 vom 2024-05-03",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00088.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1534-1 vom 2024-05-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018470.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1550-1 vom 2024-05-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018476.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1598-1 vom 2024-05-11",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XZNIRGIAQJW43GQW2RWPHLLFT5O37OU/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3823 vom 2024-05-27",
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3513 vom 2024-05-30",
"url": "https://linux.oracle.com/errata/ELSA-2024-3513.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3513 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3513"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2547 vom 2024-05-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2547.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3669 vom 2024-06-06",
"url": "https://access.redhat.com/errata/RHSA-2024:3669"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3669 vom 2024-06-06",
"url": "https://linux.oracle.com/errata/ELSA-2024-3669.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2060-1 vom 2024-06-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/AZFWGAQ7MLEAIK2FJLAADISKICDIVU6U/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4256 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4256"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4256 vom 2024-07-03",
"url": "https://linux.oracle.com/errata/ELSA-2024-4256.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-022 vom 2024-07-03",
"url": "https://www.dell.com/support/kbdoc/de-de/000226633/dsa-2024-022-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4366 vom 2024-07-08",
"url": "https://access.redhat.com/errata/RHSA-2024:4366"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4369 vom 2024-07-08",
"url": "https://access.redhat.com/errata/RHSA-2024:4369"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4418 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4418"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4416 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4416"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10",
"url": "https://access.redhat.com/errata/RHSA-2024:4321"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4528 vom 2024-07-15",
"url": "https://access.redhat.com/errata/RHSA-2024:4528"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4529 vom 2024-07-15",
"url": "https://access.redhat.com/errata/RHSA-2024:4529"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-C94F884440 vom 2024-07-28",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c94f884440"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-C0E7A4F5EF vom 2024-07-28",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c0e7a4f5ef"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162077 vom 2024-07-31",
"url": "https://www.ibm.com/support/pages/node/7162077"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1598-2 vom 2024-07-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019079.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
"url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-412 vom 2024-09-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000230678/dsa-2024-412-security-update-for-dell-ecs-3-8-1-2-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10",
"url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7178948 vom 2024-12-14",
"url": "https://www.ibm.com/support/pages/node/7178948"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-001 vom 2025-01-13",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-1958 vom 2025-02-05",
"url": "https://alas.aws.amazon.com/ALAS-2025-1958.html"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2025-2895 vom 2025-02-13",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25398"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2025-2668 vom 2025-02-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25432"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20007-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021405.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20394-1 vom 2025-06-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021527.html"
}
],
"source_lang": "en-US",
"title": "less: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2025-06-15T22:00:00.000+00:00",
"generator": {
"date": "2025-06-16T06:25:34.045+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-0880",
"initial_release_date": "2024-04-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-05-06T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-12T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-27T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2024-06-05T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-06T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat, Oracle Linux und Dell aufgenommen"
},
{
"date": "2024-07-08T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-10T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-14T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-28T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM und SUSE aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-09-30T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-10-09T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-12-15T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-02-05T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-15T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.3.1b",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.3.1b",
"product_id": "1716996"
}
},
{
"category": "product_version",
"name": "2.3.1b",
"product": {
"name": "Broadcom Brocade SANnav 2.3.1b",
"product_id": "1716996-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.3.1b"
}
}
},
{
"category": "product_name",
"name": "Broadcom Brocade SANnav",
"product": {
"name": "Broadcom Brocade SANnav",
"product_id": "T034392",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:-"
}
}
}
],
"category": "product_name",
"name": "Brocade SANnav"
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.8.1.2",
"product": {
"name": "Dell ECS \u003c3.8.1.2",
"product_id": "T037906"
}
},
{
"category": "product_version",
"name": "3.8.1.2",
"product": {
"name": "Dell ECS 3.8.1.2",
"product_id": "T037906-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:dell:ecs:3.8.1.2"
}
}
}
],
"category": "product_name",
"name": "ECS"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.11",
"product": {
"name": "Dell NetWorker \u003c19.11",
"product_id": "T035785"
}
},
{
"category": "product_version",
"name": "19.11",
"product": {
"name": "Dell NetWorker 19.11",
"product_id": "T035785-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.11"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "V10",
"product": {
"name": "IBM Power Hardware Management Console V10",
"product_id": "T023373",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v10"
}
}
}
],
"category": "product_name",
"name": "Power Hardware Management Console"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=653",
"product": {
"name": "Open Source less \u003c=653",
"product_id": "T034112"
}
},
{
"category": "product_version_range",
"name": "\u003c=653",
"product": {
"name": "Open Source less \u003c=653",
"product_id": "T034112-fixed"
}
}
],
"category": "product_name",
"name": "less"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v9 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v9 for Solaris",
"product_id": "T028053",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"product_status": {
"known_affected": [
"T028053",
"T037906",
"67646",
"T004914",
"T035785",
"74185",
"T014381",
"2951",
"T002207",
"T034392",
"T000126",
"T024663",
"398363",
"1716996",
"T023373"
],
"last_affected": [
"T034112"
]
},
"release_date": "2024-04-14T22:00:00.000+00:00",
"title": "CVE-2024-32487"
}
]
}
OPENSUSE-SU-2025:14862-1
Vulnerability from csaf_opensuse - Published: 2025-03-07 00:00 - Updated: 2025-03-07 00:00Summary
less-668-2.1 on GA media
Notes
Title of the patch
less-668-2.1 on GA media
Description of the patch
These are all security issues fixed in the less-668-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14862
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "less-668-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the less-668-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14862",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14862-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32487 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32487/"
}
],
"title": "less-668-2.1 on GA media",
"tracking": {
"current_release_date": "2025-03-07T00:00:00Z",
"generator": {
"date": "2025-03-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14862-1",
"initial_release_date": "2025-03-07T00:00:00Z",
"revision_history": [
{
"date": "2025-03-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "less-668-2.1.aarch64",
"product": {
"name": "less-668-2.1.aarch64",
"product_id": "less-668-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "less-668-2.1.ppc64le",
"product": {
"name": "less-668-2.1.ppc64le",
"product_id": "less-668-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "less-668-2.1.s390x",
"product": {
"name": "less-668-2.1.s390x",
"product_id": "less-668-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "less-668-2.1.x86_64",
"product": {
"name": "less-668-2.1.x86_64",
"product_id": "less-668-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "less-668-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:less-668-2.1.aarch64"
},
"product_reference": "less-668-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-668-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:less-668-2.1.ppc64le"
},
"product_reference": "less-668-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-668-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:less-668-2.1.s390x"
},
"product_reference": "less-668-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "less-668-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:less-668-2.1.x86_64"
},
"product_reference": "less-668-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32487"
}
],
"notes": [
{
"category": "general",
"text": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:less-668-2.1.aarch64",
"openSUSE Tumbleweed:less-668-2.1.ppc64le",
"openSUSE Tumbleweed:less-668-2.1.s390x",
"openSUSE Tumbleweed:less-668-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32487",
"url": "https://www.suse.com/security/cve/CVE-2024-32487"
},
{
"category": "external",
"summary": "SUSE Bug 1222849 for CVE-2024-32487",
"url": "https://bugzilla.suse.com/1222849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:less-668-2.1.aarch64",
"openSUSE Tumbleweed:less-668-2.1.ppc64le",
"openSUSE Tumbleweed:less-668-2.1.s390x",
"openSUSE Tumbleweed:less-668-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:less-668-2.1.aarch64",
"openSUSE Tumbleweed:less-668-2.1.ppc64le",
"openSUSE Tumbleweed:less-668-2.1.s390x",
"openSUSE Tumbleweed:less-668-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-32487"
}
]
}
GHSA-F53J-PGM5-C4R3
Vulnerability from github – Published: 2024-04-13 15:34 – Updated: 2024-07-08 15:31
VLAI?
Details
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Severity ?
8.6 (High)
{
"affected": [],
"aliases": [
"CVE-2024-32487"
],
"database_specific": {
"cwe_ids": [
"CWE-96"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-13T15:15:52Z",
"severity": "HIGH"
},
"details": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
"id": "GHSA-f53j-pgm5-c4r3",
"modified": "2024-07-08T15:31:54Z",
"published": "2024-04-13T15:34:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32487"
},
{
"type": "WEB",
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240605-0009"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2024-32487
Vulnerability from csaf_microsoft - Published: 2024-04-02 07:00 - Updated: 2024-07-12 00:00Summary
less through 653 allows OS command execution via a newline character in the name of a file because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable but this is set by default in many common cases.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32487 less through 653 allows OS command execution via a newline character in the name of a file because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable but this is set by default in many common cases. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-32487.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "less through 653 allows OS command execution via a newline character in the name of a file because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable but this is set by default in many common cases.",
"tracking": {
"current_release_date": "2024-07-12T00:00:00.000Z",
"generator": {
"date": "2025-10-20T01:14:16.772Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-32487",
"initial_release_date": "2024-04-02T07:00:00.000Z",
"revision_history": [
{
"date": "2024-04-22T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-06-30T07:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
},
{
"date": "2024-07-12T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 less 643-2",
"product": {
"name": "\u003cazl3 less 643-2",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 less 643-2",
"product": {
"name": "azl3 less 643-2",
"product_id": "17756"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 less 590-4",
"product": {
"name": "\u003ccbl2 less 590-4",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 less 590-4",
"product": {
"name": "cbl2 less 590-4",
"product_id": "19896"
}
}
],
"category": "product_name",
"name": "less"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 less 643-2 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 less 643-2 as a component of Azure Linux 3.0",
"product_id": "17756-17084"
},
"product_reference": "17756",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 less 590-4 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 less 590-4 as a component of CBL Mariner 2.0",
"product_id": "19896-17086"
},
"product_reference": "19896",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17756-17084",
"19896-17086"
],
"known_affected": [
"17084-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32487 less through 653 allows OS command execution via a newline character in the name of a file because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable but this is set by default in many common cases. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-32487.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-22T00:00:00.000Z",
"details": "643-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2024-04-22T00:00:00.000Z",
"details": "590-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.6,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-2",
"17086-1"
]
}
],
"title": "less through 653 allows OS command execution via a newline character in the name of a file because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable but this is set by default in many common cases."
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…