VYPR
Unrated severity · NVD Advisory · Published May 2, 2005 · Updated Apr 16, 2026

CVE-2005-0086

Description

Heap-based buffer overflow in less on Red Hat Enterprise Linux 3 allows denial of service or code execution via a crafted file using UTF-8 locale.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap-based buffer overflow vulnerability exists in the less file pager as shipped with Red Hat Enterprise Linux 3. The flaw is triggered when less processes a specially crafted file while running under a UTF-8 locale. This can lead to memory corruption and potential code execution. Affected versions include less packages prior to the update provided in RHSA-2005:068 [1][2].

Exploitation

An attacker can exploit this vulnerability by providing a malicious file to a victim who then opens it with less on a system configured to use a UTF-8 locale. No authentication is required, but the victim must interact by using less (e.g., scrolling through the file). The exploit leverages the heap buffer overflow to corrupt memory [2].

Impact

Successful exploitation allows the attacker to cause a denial of service (application crash) or potentially execute arbitrary code with the privileges of the user running less. This could lead to full compromise of the user's session and data [1].

Mitigation

The vulnerability is fixed in the less package updated via Red Hat Security Advisory RHSA-2005:068. Users should apply the update from Red Hat's errata. No workarounds are documented [1][2].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • GNU/Less (llm-fuzzy)
    Range: <= less-382-? (included in RHEL 3)

Patches

0

No patches discovered yet.

References

5
