VDB
DEBIAN-CVE-2024-32487
DEBIAN-CVE-2024-32487
PUBLISHED
CVSS 8.600000381469727 HIGH
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Risk Scores
CVSS v3.1
8.600000381469727
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | less | 551-2, 0, * |
| Debian:14 | less | 0, 0 |
| Debian:12 | less | 0, 2.1, 590-2 |
| Debian:13 | less | 0, 0 |
Timeline
- Apr 13, 2024 CVE Published
- Apr 28, 2026 CVE Updated