Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 893530 (CVE-2022-46663)

Summary: <sys-apps/less-608-r2: less -R filtering bypass
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: allenwebb, base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.openwall.com/lists/oss-security/2023/02/07/7
Whiteboard: A3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 894482    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-02-07 19:35:33 UTC 
https://www.openwall.com/lists/oss-security/2023/02/07/7

""
Hi,

I discovered a way to bypass the escape sequence filtering performed
by less -R due to incorrect terminal state machine handling.

The fix is:
https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
but not yet part of any less release.

An example that results in a DoS in xterm or iTerm 2 is:
printf "\e]8;;\e0m\e[>0q" > less-example-xtversion
less -R less-example-xtversion

This has the result of getting the terminal to reply with something
like "\eP>|name version". The "P" there makes less scroll up, the ">"
makes it scroll down, and then it prints the same thing to the tty,
rinse, repeat.

This affects GNU less >= 566 (and <609, but version 608 is the last
public release, the later version numbers are snapshots).

David
"""
Comment 1 Larry the Git Cow gentoo-dev 2023-02-09 03:54:47 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91641abac0747b8c2b701acb7acfc6d7e3f82c37

commit 91641abac0747b8c2b701acb7acfc6d7e3f82c37
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-02-09 03:45:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-02-09 03:54:09 +0000

    sys-apps/less: patch CVE-2022-46663
    
    Bug: https://bugs.gentoo.org/893530
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/less/files/less-608-CVE-2022-46663.patch | 22 +++++++++
 sys-apps/less/less-608-r2.ebuild                  | 60 +++++++++++++++++++++++
 2 files changed, 82 insertions(+)
Comment 2 Hans de Graaff gentoo-dev Security 2023-10-08 10:39:32 UTC 
Ping. Please clean up vulnerable less-608-r1.
Comment 3 Larry the Git Cow gentoo-dev 2023-10-10 06:28:22 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e4a47f747e38bf26733ce68c8e1a738f3e70725d

commit e4a47f747e38bf26733ce68c8e1a738f3e70725d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-10 06:27:22 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-10-10 06:28:14 +0000

    [ GLSA 202310-11 ] less: Denial of service
    
    Bug: https://bugs.gentoo.org/893530
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202310-11.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2023-10-10 06:30:29 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3e209c807879be3c67e1ce65900e88234a03d95

commit f3e209c807879be3c67e1ce65900e88234a03d95
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-10-10 06:29:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-10-10 06:29:59 +0000

    sys-apps/less: drop 608-r1
    
    Bug: https://bugs.gentoo.org/893530
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/less/less-608-r1.ebuild | 58 ----------------------------------------
 1 file changed, 58 deletions(-)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-10-10 06:30:43 UTC 
All done.