Lucene search
K
NethackNethack

11 matches found

CVE
CVE
added 2019/12/19 5:39 p.m.105 views

CVE-2019-19905

CVE-2019-19905 affects NetHack 3.6.x before 3.6.4, with a buffer overflow when reading very long lines from configuration files. Affects systems with NetHack installed as setuid/setgid and shared systems allowing user-uploaded configs. Practical impact is a buffer overflow; exploitation details a...

9.8CVSS9.6AI score0.03384EPSS
CVE
CVE
added 2023/02/17 7:41 p.m.103 views

CVE-2023-24809

NetHack (the game) is affected by CVE-2023-24809. A vulnerability in the C (call) command in versions prior to 3.6.7 allows illegal input to cause a buffer overflow, potentially crashing the NetHack process on systems where the game runs with elevated privileges. The issue is resolved in NetHack ...

5.5CVSS5.7AI score0.00235EPSS
CVE
CVE
added 2003/05/30 4:0 a.m.84 views

CVE-2003-0358

Buffer overflow in nethack (3.4.0 and earlier) and falconseye (1.9.3 and earlier) allows local users to gain gid 'games' via a long -s option. Debian advisories document the issue; falconseye is fixed in 1.9.3-7woody3 (DSA-350-1). For nethack, a Debian advisory (DSA-316) covers the fix and recomm...

4.6CVSS6.4AI score0.01217EPSS
CVE
CVE
added 2020/01/28 5:50 p.m.63 views

CVE-2020-5209

CVE-2020-5209 affects NetHack versions prior to 3.6.5. The vulnerability arises from buffer overflow triggered by unknown command-line options starting with -de and -i, which can lead to a crash or remote code execution/privilege escalation on systems with NetHack installed setuid/sgid or shared ...

7.8CVSS6.7AI score0.00803EPSS
CVE
CVE
added 2020/01/28 5:50 p.m.59 views

CVE-2020-5210

NetHack CVE-2020-5210 affects NetHack installations that run with privileged user rights (suid/sgid) on shared systems. The issue is caused by an invalid argument to the -w command line option in versions before 3.6.5, which can trigger a buffer overflow leading to a crash or remote code executio...

7.8CVSS6.7AI score0.00802EPSS
CVE
CVE
added 2020/01/28 5:55 p.m.58 views

CVE-2020-5212

CVE-2020-5212 affects NetHack prior to 3.6.5. The vulnerability arises from an extremely long value for the MENUCOLOR configuration option, causing a buffer overflow that can crash the program or enable remote code execution/privilege escalation. It impacts systems with NetHack installed setuid/s...

9.8CVSS7.7AI score0.01067EPSS
CVE
CVE
added 2020/01/28 5:55 p.m.58 views

CVE-2020-5214

NetHack before 3.6.5 is vulnerable to a buffer overflow when detecting an unknown configuration file option, potentially leading to a crash or remote code execution/privilege escalation on systems with NetHack installed as SUID/SGID or where users can upload configuration files. The issue is trac...

9.8CVSS7.7AI score0.01068EPSS
CVE
CVE
added 2020/01/28 5:55 p.m.57 views

CVE-2020-5211

NetHack CVE-2020-5211 affects NetHack installations with suid/sgid and shared config-upload capabilities. The issue is an invalid extended command in the AUTOCOMPLETE option of the configuration file, causing a buffer overflow that can crash the process or enable remote code execution/privilege e...

9.8CVSS7.8AI score0.01068EPSS
CVE
CVE
added 2020/01/28 5:55 p.m.56 views

CVE-2020-5213

CVE-2020-5213 affects NetHack before 3.6.5. A too-long value in the SYMBOL configuration option can cause a buffer overflow, leading to crash or remote code execution/privilege escalation on systems where NetHack is installed with suid/sgid and where users can upload configuration files. The docu...

9.8CVSS7.7AI score0.01067EPSS
CVE
CVE
added 2020/03/10 4:35 p.m.49 views

CVE-2020-5253

Summary: NetHack before 3.6.0 allows malicious escaping of characters in the configuration file (usually .nethackrc), which could be exploited. This vulnerability is patched in NetHack 3.6.0. Impact (as per sources): CVSSv3.1 base score 9.8 (CRITICAL) with network attack vector, no privileges, an...

9.8CVSS6.7AI score0.00543EPSS
CVE
CVE
added 2020/03/10 4:45 p.m.45 views

CVE-2020-5254

CVE-2020-5254 affects NetHack up to 3.6.5, where some out-of-bounds values for the hilite_status option can be exploited. The issue is resolved in NetHack 3.6.6. Affected component: the hilite_status handling in NetHack configuration parsing (version gate from ≤3.6.5 to 3.6.6). The vulnerability ...

8.1CVSS6AI score0.01132EPSS