Nethack Security Vulnerabilities and Issues — Nethack CVE List

Lucene search

NethackNethack

11 matches found

CVE•added 2023/02/17 8:15 p.m.•92 views

CVE-2023-24809

NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgi...

5.5CVSS5.7AI score0.00045EPSS

CVE•added 2019/12/19 6:15 p.m.•83 views

CVE-2019-19905

NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.

9.8CVSS9.6AI score0.03358EPSS

CVE•added 2003/06/09 4:0 a.m.•63 views

CVE-2003-0358

Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.

4.6CVSS6.4AI score0.00227EPSS

CVE•added 2020/01/28 6:15 p.m.•45 views

CVE-2020-5212

In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users t...

9.8CVSS7.7AI score0.01836EPSS

CVE•added 2020/01/28 7:15 p.m.•43 views

CVE-2020-5211

In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems th...

9.8CVSS7.8AI score0.01836EPSS

CVE•added 2020/01/28 6:15 p.m.•43 views

CVE-2020-5214

In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own co...

9.8CVSS7.7AI score0.01836EPSS

CVE•added 2020/01/28 6:15 p.m.•42 views

CVE-2020-5209

In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line op...

7.8CVSS6.7AI score0.01694EPSS

CVE•added 2020/01/28 6:15 p.m.•41 views

CVE-2020-5210

In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence comman...

7.8CVSS6.7AI score0.01554EPSS

CVE•added 2020/01/28 6:15 p.m.•40 views

CVE-2020-5213

In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to uploa...

9.8CVSS7.7AI score0.01836EPSS

CVE•added 2020/03/10 5:15 p.m.•36 views

CVE-2020-5253

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.

9.8CVSS6.7AI score0.00184EPSS

CVE•added 2020/03/10 5:15 p.m.•31 views

CVE-2020-5254

In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.

8.1CVSS6AI score0.09282EPSS