CVE-2022-44542: n/a in n/a
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash.
AI Analysis
Technical Summary
CVE-2022-44542 is a critical remote code execution vulnerability found in lesspipe versions prior to 2.06. lesspipe is a shell script used to preprocess files for viewing in pagers like less. The vulnerability arises due to unsafe deserialization of Perl Storable (pst) files. Specifically, lesspipe processes these pst files by deserializing objects without proper validation, which allows an attacker to craft malicious serialized data containing a key/value pair in a hash that triggers execution of a destructor method during deserialization. This leads to arbitrary code execution in the context of the user running lesspipe, without requiring any authentication or user interaction. The CVSS 3.1 base score is 9.8 (critical), reflecting the high impact on confidentiality, integrity, and availability, combined with ease of exploitation over the network without privileges. The underlying weakness is CWE-502: Deserialization of Untrusted Data. Although no known exploits in the wild have been reported, the vulnerability is severe due to the nature of deserialization flaws and the potential for remote exploitation. lesspipe is commonly used in Unix-like environments, often integrated into shell environments for enhanced file viewing capabilities. The lack of a vendor or product name in the record suggests this is a community or open-source tool rather than a commercial product. No official patches or fixes are linked yet, so users must be cautious and monitor for updates.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying on Linux or Unix-based systems where lesspipe is deployed as part of the command-line toolchain. Successful exploitation could allow attackers to execute arbitrary code remotely, leading to full system compromise, data theft, or disruption of services. This is particularly concerning for critical infrastructure, government agencies, and enterprises with sensitive data or operational technology environments. Since lesspipe is often used by system administrators and developers, exploitation could lead to privilege escalation or lateral movement within networks. The vulnerability's impact on confidentiality, integrity, and availability is high, potentially enabling attackers to implant persistent backdoors or disrupt business operations. The lack of authentication and user interaction requirements increases the attack surface, making automated exploitation feasible. European organizations with open-source software dependencies or those that integrate lesspipe into their workflows must prioritize mitigation to avoid exposure.
Mitigation Recommendations
Immediate mitigation steps include auditing systems to identify installations of lesspipe and verifying their versions. Until an official patch is released, organizations should consider disabling lesspipe or restricting its usage to trusted users and environments. Employing application whitelisting and restricting execution privileges can limit the impact of exploitation. Monitoring logs for unusual deserialization activity or unexpected execution patterns may help detect attempted exploitation. Network segmentation and limiting exposure of systems running lesspipe to untrusted networks will reduce risk. Organizations should subscribe to relevant security advisories and update lesspipe to version 2.06 or later once available. Additionally, applying general best practices for handling serialized data—such as avoiding deserialization of untrusted input—should be enforced in custom scripts or tools. Security teams should conduct penetration testing and vulnerability scans focusing on deserialization flaws to identify other potential weaknesses.
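A minimal audit helper for the first mitigation step, added here as an example (it is not lesspipe's code and not part of the advisory record). It assumes you supply the installed lesspipe version string yourself, for instance from your package manager, and it relies on the `pst0` magic that Perl's Storable `store()`/`nstore()` write at the start of a file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not lesspipe's own code. Function names are hypothetical.

FIXED_VERSION="2.06"   # first fixed release named in the advisory

# Succeeds (exit 0) when VERSION (major.minor) sorts before FIXED_VERSION.
version_is_vulnerable() {
    [ "$1" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" |
        sort -t. -k1,1n -k2,2n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Succeeds when FILE starts with "pst0", the magic that Perl's
# Storable store()/nstore() write at the start of a file.
is_storable_file() {
    [ -f "$1" ] || return 1
    magic=$(head -c 4 "$1" 2>/dev/null)
    [ "$magic" = "pst0" ]
}

# Prints every regular file under DIR that carries the Storable magic,
# so those files can be reviewed or kept away from a vulnerable preprocessor.
find_storable_files() {
    find "$1" -type f | while IFS= read -r f; do
        if is_storable_file "$f"; then printf '%s\n' "$f"; fi
    done
}

# Usage: sh audit.sh <lesspipe-version> <dir>
if [ "$#" -eq 2 ]; then
    if version_is_vulnerable "$1"; then
        echo "lesspipe $1 predates $FIXED_VERSION: update or disable it"
    fi
    find_storable_files "$2"
fi
```

The magic check covers Storable images written to disk; it says nothing about whether a given file is malicious, only that it is a format the vulnerable code path would deserialize.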
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-11-01T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d981fc4522896dcbdca6d
Added to database: 5/21/2025, 9:08:47 AM
Last enriched: 7/3/2025, 1:44:08 PM
Last updated: 8/12/2025, 9:45:39 PM