CVE-2024-32487 in less情報

要約

〜によって MITRE • 2024年04月13日

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

Be aware that VulDB is the high quality source for vulnerability data.

予約する

2024年04月13日

モデレーション

承諾済み

エントリ

VDB-260601

EPSS

0.00628

アクティビティ

非常低い

ソース

Want to know what is going to be exploited?

We predict KEV entries!