https://www.openwall.com/lists/oss-security/2023/02/07/7

"""
Hi,

I discovered a way to bypass the escape sequence filtering performed by less -R due to incorrect terminal state machine handling.

The fix is:

https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c

but not yet part of any less release.

An example that results in a DoS in xterm or iTerm 2 is:

printf "\e]8;;\e0m\e[>0q" > less-example-xtversion
less -R less-example-xtversion

This has the result of getting the terminal to reply with something like "\eP>|name version". The "P" there makes less scroll up, the ">" makes it scroll down, and then it prints the same thing to the tty, rinse, repeat.

This affects GNU less >= 566 (and <609, but version 608 is the last public release, the later version numbers are snapshots).

David
"""
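The following pre-check is an added example, not part of the quoted report and not code from less. It flags every ESC byte in a file that does not begin one of the two sequence types less -R is documented to pass through raw: an SGR colour sequence, or an OSC 8 hyperlink terminated by BEL or ESC \. The function name and the benign sample are constructed for illustration, and the check is deliberately stricter than less's own filter.

```python
import re

ESC = 0x1B
# Sequences less -R is documented to pass through raw:
# SGR "color" sequences and OSC 8 hyperlinks ended by BEL or ST (ESC \).
SGR = re.compile(rb"\x1b\[[0-9;:]*m")
OSC8 = re.compile(rb"\x1b\]8;[\x20-\x3a\x3c-\x7e]*;[\x20-\x7e]*(?:\x07|\x1b\\)")


def find_unexpected_escapes(data: bytes):
    """Return (offset, snippet) for each ESC byte that does not start a
    well-formed SGR or OSC 8 sequence. (Hypothetical helper name.)"""
    findings = []
    i = 0
    while i < len(data):
        if data[i] != ESC:
            i += 1
            continue
        m = SGR.match(data, i) or OSC8.match(data, i)
        if m:
            i = m.end()      # allowed sequence: skip it as a whole
        else:
            findings.append((i, data[i:i + 8]))
            i += 1           # resume scanning right after this ESC
    return findings


# Byte string from the report above: printf "\e]8;;\e0m\e[>0q"
REPORTED = b"\x1b]8;;\x1b0m\x1b[>0q"
# Constructed benign sample: coloured text plus one well-formed hyperlink.
BENIGN = (b"\x1b[1;31mred\x1b[0m "
          b"\x1b]8;;https://example.org/\x1b\\link\x1b]8;;\x1b\\\n")

if __name__ == "__main__":
    for name, blob in (("reported", REPORTED), ("benign", BENIGN)):
        hits = find_unexpected_escapes(blob)
        print(name, "clean" if not hits else [(o, s.hex()) for o, s in hits])
```

On the reported bytes, the unterminated OSC 8 opener, the stray `ESC 0 m` and the `ESC [ > 0 q` query are each reported separately, while the benign sample passes.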
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91641abac0747b8c2b701acb7acfc6d7e3f82c37

commit 91641abac0747b8c2b701acb7acfc6d7e3f82c37
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-02-09 03:45:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-02-09 03:54:09 +0000

    sys-apps/less: patch CVE-2022-46663

    Bug: https://bugs.gentoo.org/893530
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/less/files/less-608-CVE-2022-46663.patch | 22 +++++++++
 sys-apps/less/less-608-r2.ebuild                  | 60 +++++++++++++++++++++++
 2 files changed, 82 insertions(+)