CVE-2004-2264
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/12/2004
Last modified:
03/04/2025
Description
Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed
Impact
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gnu:less:358:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:less:381:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:less:382:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0794.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0811.html
- http://securitytracker.com/id?1010988=
- http://www.osvdb.org/9014
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17032
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0794.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0811.html
- http://securitytracker.com/id?1010988=
- http://www.osvdb.org/9014
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17032