CVE-2022-44542

critical

Description

lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash.

References

https://bugs.gentoo.org/865631

https://github.com/wofr06/lesspipe/releases/tag/v2.06

https://security.gentoo.org/glsa/202211-02

Details

Source: MITRE

Published: 2022-11-01

Updated: 2022-12-22

Type: CWE-502