Bugzilla – Bug 1207815
VUL-0: CVE-2022-46663: less: filtering bypass in less -R leading to DoS
Last modified: 2024-04-19 09:06:34 UTC
Affected:
- SUSE:SLE-15-SP4:Update
- openSUSE:Factory

Please consider upgrading to at least v609 or backporting [0].

[0] https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
Public in oss-sec:

Hi,

I discovered a way to bypass the escape sequence filtering performed by less -R due to incorrect terminal state machine handling. The fix is:

https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c

but not yet part of any less release.

An example that results in a DoS in xterm or iTerm 2 is:

    printf "\e]8;;\e0m\e[>0q" > less-example-xtversion
    less -R less-example-xtversion

This has the result of getting the terminal to reply with something like "\eP>|name version". The "P" there makes less scroll up, the ">" makes it scroll down, and then it prints the same thing to the tty, rinse, repeat.

This affects GNU less >= 566 (and <609, but version 608 is the last public release, the later version numbers are snapshots).

David
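An added example, not part of the oss-sec post or of the less project: a Python pre-flight check for files that will be viewed with less -R. It flags every ESC-introduced sequence other than the SGR colour sequences and properly terminated OSC 8 hyperlinks that less -R is documented to pass through. The function name, the regular expression and the sample byte strings are constructed for illustration, and 8-bit C1 controls are not examined.

```python
#!/usr/bin/env python3
"""Flag escape sequences outside a strict SGR / OSC 8 allowlist (added example)."""
import re
import sys

ESC = b"\x1b"
# Allowlist, matched strictly and independently of less's own state machine:
#   SGR colour:  ESC [ <digits ; :> m
#   OSC 8 link:  ESC ] 8 ; params ; URI   terminated by BEL or ESC \
# Params and URI must be printable ASCII, so an ESC inside them never matches.
ALLOWED = re.compile(
    rb"\x1b\[[0-9;:]*m"
    rb"|\x1b\]8;[\x20-\x3a\x3c-\x7e]*;[\x20-\x7e]*(?:\x07|\x1b\\)"
)

# Constructed samples. BYPASS is the byte string the printf command in the
# report writes when the shell's printf expands \e to ESC (as bash does).
BYPASS = b"\x1b]8;;\x1b0m\x1b[>0q"
BENIGN = (b"\x1b[1;31mred\x1b[0m "
          b"\x1b]8;;https://example.com\x1b\\link\x1b]8;;\x1b\\\n")


def find_unsafe_escapes(data: bytes) -> list[tuple[int, bytes]]:
    """Return (offset, leading bytes) for every ESC outside the allowlist."""
    findings = []
    pos = data.find(ESC)
    while pos != -1:
        match = ALLOWED.match(data, pos)
        if match:
            nxt = match.end()          # skip the whole permitted sequence
        else:
            findings.append((pos, data[pos:pos + 8]))
            nxt = pos + 1              # re-scan from the next byte
        pos = data.find(ESC, nxt)
    return findings


def main(paths):
    """Print findings for each file; return 1 if any file has one."""
    bad = False
    for path in paths:
        with open(path, "rb") as fh:
            for offset, seq in find_unsafe_escapes(fh.read()):
                bad = True
                print(f"{path}: offset {offset}: unexpected escape {seq!r}")
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```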
SUSE-SU-2023:0348-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1207815
CVE References: CVE-2022-46663
JIRA References:
Sources used:
openSUSE Leap Micro 5.3 (src): less-590-150400.3.3.1
openSUSE Leap 15.4 (src): less-590-150400.3.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): less-590-150400.3.3.1
SUSE Linux Enterprise Micro 5.3 (src): less-590-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Fixed in all affected code streams (SUSE:SLE-15-SP4:Update and Factory).
All done, closing.