Vulnerability CVE-2022-46663: Information

Description

In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-46663
Published: Feb. 8, 2023
Modified: Nov. 7, 2023

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
lesssisyphus633-alt1633-alt1ALT-PU-2023-4395-1324814Fixed
lesssisyphus_e2k633-alt1633-alt1ALT-PU-2023-4428-1-Fixed
lesssisyphus_riscv64633-alt1633-alt1ALT-PU-2023-4424-1-Fixed
lessc10f1633-alt1633-alt1ALT-PU-2023-4415-2324874Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
  • Patch
http://www.greenwoodsoftware.com/less/news.609.html
  • Broken Link
https://www.openwall.com/lists/oss-security/2023/02/07/7
  • Mailing List
  • Patch
  • Third Party Advisory
[oss-security] 20230207 CVE-2022-46663: less -R filtering bypass
  • Mailing List
  • Third Party Advisory
GLSA-202310-11
  • Third Party Advisory
FEDORA-2023-71442d7613

      1. Configuration 1

        cpe:2.3:a:gnu:less:*:*:*:*:*:*:*:*
        Start including
        566
        End excliding
        609

        Configuration 2

        cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top