Description
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
A flaw was found in less. The close_altfile() function in filename.c omits shell_quote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system.
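The effect of the omitted quoting, as an added C example (not code from less or from this advisory): a LESSCLOSE-style template has its two `%s` slots filled with the original and replacement file names, once unquoted and once quoted. `sh_quote`, `build_close_cmd`, `lessclose.sh` and the file names are hypothetical, and the quoting is a simplified single-quote scheme, not less's own `shell_quote`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified POSIX-sh quoting (assumption, not less's shell_quote):
 * wrap in single quotes, rewrite each ' as '\''. Caller frees. */
static char *sh_quote(const char *s)
{
    size_t n = 3;                          /* two quotes + NUL */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *o = out;
    if (!out) return NULL;
    *o++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(o, "'\\''", 4); o += 4; }
        else *o++ = *p;
    }
    *o++ = '\''; *o = '\0';
    return out;
}

/* Expand a LESSCLOSE-style template: first %s = original file name,
 * second %s = replacement file name. quote=0 models the unquoted
 * substitution the advisory describes; quote=1 quotes both names. */
static char *build_close_cmd(const char *tmpl, const char *orig,
                             const char *alt, int quote)
{
    char *q[2] = { quote ? sh_quote(orig) : NULL, quote ? sh_quote(alt) : NULL };
    const char *arg[2] = { quote ? q[0] : orig, quote ? q[1] : alt };
    char *cmd = NULL;
    if (arg[0] && arg[1])
        cmd = calloc(1, strlen(tmpl) + strlen(arg[0]) + strlen(arg[1]) + 1);
    int k = 0;
    for (const char *p = tmpl; cmd && *p; p++) {
        if (p[0] == '%' && p[1] == 's' && k < 2) { strcat(cmd, arg[k++]); p++; }
        else strncat(cmd, p, 1);
    }
    free(q[0]); free(q[1]);
    return cmd;
}

int main(void)
{
    /* Constructed inputs: hypothetical script and file names. */
    char *c = build_close_cmd("lessclose.sh %s %s", "a;echo INJECTED", "/tmp/alt", 1);
    if (c) puts(c);
    free(c);
}
```

With quoting off, the `;` in the file name reaches the shell as a command separator; with quoting on, each name stays a single argument.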
Statement
To exploit this issue, an attacker needs the ability to influence the LESSCLOSE environment variable. This requirement makes this CVE a Moderate impact CVE.
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | less | Out of support scope | | |
Red Hat Enterprise Linux 7 | less | Out of support scope | | |
Red Hat Enterprise Linux 8 | less | Fixed | RHSA-2024:1610 | 02.04.2024 |
Red Hat Enterprise Linux 8 | less | Fixed | RHSA-2024:4256 | 02.07.2024 |
Red Hat Enterprise Linux 8.6 Extended Update Support | less | Fixed | RHSA-2024:1989 | 23.04.2024 |
Red Hat Enterprise Linux 8.8 Extended Update Support | less | Fixed | RHSA-2024:1875 | 18.04.2024 |
Red Hat Enterprise Linux 9 | less | Fixed | RHSA-2024:1692 | 08.04.2024 |
RHOL-5.6-RHEL-8 | openshift-logging/cluster-logging-operator-bundle | Fixed | RHSA-2024:2092 | 01.05.2024 |
RHOL-5.6-RHEL-8 | openshift-logging/cluster-logging-rhel8-operator | Fixed | RHSA-2024:2092 | 01.05.2024 |
RHOL-5.6-RHEL-8 | openshift-logging/elasticsearch6-rhel8 | Fixed | RHSA-2024:2092 | 01.05.2024 |
Additional information
CVSS3: 7 High