← Volver a CVEs
CVE-2024-32487
HIGH8.6
Descripcion
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Detalles CVE
Puntuacion CVSS v3.18.6
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado4/13/2024
Ultima modificacion6/17/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
debian:debian_linuxgreenwoodsoftware:lessnetapp:bootstrap_osnetapp:hci_compute_nodenetapp:hci_storage_nodesnetapp:solidfire
Debilidades (CWE)
CWE-96
Referencias
http://www.openwall.com/lists/oss-security/2024/04/15/1(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20240605-0009/(cve@mitre.org)
https://www.openwall.com/lists/oss-security/2024/04/12/5(cve@mitre.org)
https://www.openwall.com/lists/oss-security/2024/04/13/2(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2024/04/15/1(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240605-0009/(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2024/04/12/5(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2024/04/13/2(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.