UBUNTU-CVE-2024-32487

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2024-32487

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-32487.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-32487

Related

Published

2024-04-13T15:15:00Z

Modified

2024-04-13T15:15:00Z

Summary

[none]

Details

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

References

Affected packages

Ubuntu:Pro:14.04:LTS / less

Package

Name: less
Purl: pkg:deb/ubuntu/less?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

458-2ubuntu0.1~esm1

Affected versions

Other

458-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "458-2ubuntu0.1~esm1",
            "binary_name": "less"
        },
        {
            "binary_version": "458-2ubuntu0.1~esm1",
            "binary_name": "less-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / less

Package

Name: less
Purl: pkg:deb/ubuntu/less?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

481-2.1ubuntu0.2+esm2

Affected versions

Other

458-3

458-3ubuntu1

481-2

481-2ubuntu1

481-2.*

481-2.1

481-2.1ubuntu0.1

481-2.1ubuntu0.2

481-2.1ubuntu0.2+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "481-2.1ubuntu0.2+esm2",
            "binary_name": "less"
        },
        {
            "binary_version": "481-2.1ubuntu0.2+esm2",
            "binary_name": "less-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / less

Package

Name: less
Purl: pkg:deb/ubuntu/less?arch=src?distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

487-0.1ubuntu0.1~esm2

Affected versions

481-2.*

481-2.1ubuntu2

481-2.1ubuntu3

487-0.*

487-0.1

487-0.1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "487-0.1ubuntu0.1~esm2",
            "binary_name": "less"
        },
        {
            "binary_version": "487-0.1ubuntu0.1~esm2",
            "binary_name": "less-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / less

Package

Name: less
Purl: pkg:deb/ubuntu/less?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

551-1ubuntu0.3

Affected versions

487-0.*

487-0.1build1

Other

551-1

551-1ubuntu0.*

551-1ubuntu0.1

551-1ubuntu0.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "551-1ubuntu0.3",
            "binary_name": "less"
        },
        {
            "binary_version": "551-1ubuntu0.3",
            "binary_name": "less-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / less

Package

Name: less
Purl: pkg:deb/ubuntu/less?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

590-1ubuntu0.22.04.3

Affected versions

Other

551-2

551-2build1

590-1

590-1build1

590-1ubuntu0.*

590-1ubuntu0.22.04.1

590-1ubuntu0.22.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "590-1ubuntu0.22.04.3",
            "binary_name": "less"
        },
        {
            "binary_version": "590-1ubuntu0.22.04.3",
            "binary_name": "less-dbgsym"
        }
    ]
}

Ubuntu:24.04:LTS / less

Package

Name: less
Purl: pkg:deb/ubuntu/less?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

590-2ubuntu2.1

Affected versions

Other

590-2

590-2ubuntu1

590-2ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "590-2ubuntu2.1",
            "binary_name": "less"
        },
        {
            "binary_version": "590-2ubuntu2.1",
            "binary_name": "less-dbgsym"
        }
    ]
}