PT-2023-1363 · Less+8 · Less+8

David Leadbeater

Publicado

2023-02-07

Atualizado

2025-03-25

CVE-2022-46663

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Less versions prior to 609

Description The issue is related to incorrect filtering of ANSI escape sequences when processing the -R element. This can be exploited by an attacker to elevate privileges using a specially crafted hyperlink with OSC 8 support. Crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.

Recommendations For versions prior to 609, update to version 609 or later to resolve the issue. As a temporary workaround, consider disabling the use of the -R option until a patch is available. Restrict access to potentially malicious hyperlinks to minimize the risk of exploitation.

Correção

Improper Neutralization

Special Elements Injection

Improper Encoding or Escaping of Output

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-707CWE-74CWE-116

Identificadores relacionados

ALSA-2023:3725

ALT-PU-2023-4395

ALT-PU-2023-4415

AZL-13350

BDU:2023-00696

CVE-2022-46663

OESA-2023-1129

OPENSUSE-SU-2023_0348-1

OPENSUSE-SU-2024:12671-1

RHSA-2023:3725

RHSA-2023_3725

RLSA-2023:3725

ROSA-SA-2023-2238

SUSE-SU-2023:0348-1

SUSE-SU-2023_0348-1

USN-5848-1

Produtos afetados

Alt Linux

Almalinux

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Less

PT-2023-1363 · Less+8 · Less+8

CVE-2022-46663

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 44