Vulnerability CVE-2022-46663: Information
Description
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
less | sisyphus | 633-alt1 | 633-alt1 | ALT-PU-2023-4395-1 | 324814 | Fixed |
less | sisyphus_e2k | 633-alt1 | 633-alt1 | ALT-PU-2023-4428-1 | - | Fixed |
less | sisyphus_riscv64 | 633-alt1 | 633-alt1 | ALT-PU-2023-4424-1 | - | Fixed |
less | c10f1 | 633-alt1 | 633-alt1 | ALT-PU-2023-4415-2 | 324874 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c |
|
http://www.greenwoodsoftware.com/less/news.609.html |
|
https://www.openwall.com/lists/oss-security/2023/02/07/7 |
|
[oss-security] 20230207 CVE-2022-46663: less -R filtering bypass |
|
GLSA-202310-11 |
|
FEDORA-2023-71442d7613 |