Back to search
CVE-2004-2264
Published: Jul 19, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
9014
vdb-entry
x_refsource_OSVDB
1010988
vdb-entry
x_refsource_SECTRACK
less-filename-format-string(17032)
vdb-entry
x_refsource_XF
20040818 gnu-less Format String Vulnerability
mailing-list
x_refsource_FULLDISC
20040818 Re: gnu-less Format String Vulnerability
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now