11 matches found
CVE-2019-19905
CVE-2019-19905 affects NetHack 3.6.x before 3.6.4, with a buffer overflow when reading very long lines from configuration files. Affects systems with NetHack installed as setuid/setgid and shared systems allowing user-uploaded configs. Practical impact is a buffer overflow; exploitation details a...
CVE-2023-24809
NetHack (the game) is affected by CVE-2023-24809. A vulnerability in the C (call) command in versions prior to 3.6.7 allows illegal input to cause a buffer overflow, potentially crashing the NetHack process on systems where the game runs with elevated privileges. The issue is resolved in NetHack ...
CVE-2003-0358
Buffer overflow in nethack (3.4.0 and earlier) and falconseye (1.9.3 and earlier) allows local users to gain gid 'games' via a long -s option. Debian advisories document the issue; falconseye is fixed in 1.9.3-7woody3 (DSA-350-1). For nethack, a Debian advisory (DSA-316) covers the fix and recomm...
CVE-2020-5209
CVE-2020-5209 affects NetHack versions prior to 3.6.5. The vulnerability arises from buffer overflow triggered by unknown command-line options starting with -de and -i, which can lead to a crash or remote code execution/privilege escalation on systems with NetHack installed setuid/sgid or shared ...
CVE-2020-5210
NetHack CVE-2020-5210 affects NetHack installations that run with privileged user rights (suid/sgid) on shared systems. The issue is caused by an invalid argument to the -w command line option in versions before 3.6.5, which can trigger a buffer overflow leading to a crash or remote code executio...
CVE-2020-5212
CVE-2020-5212 affects NetHack prior to 3.6.5. The vulnerability arises from an extremely long value for the MENUCOLOR configuration option, causing a buffer overflow that can crash the program or enable remote code execution/privilege escalation. It impacts systems with NetHack installed setuid/s...
CVE-2020-5214
NetHack before 3.6.5 is vulnerable to a buffer overflow when detecting an unknown configuration file option, potentially leading to a crash or remote code execution/privilege escalation on systems with NetHack installed as SUID/SGID or where users can upload configuration files. The issue is trac...
CVE-2020-5211
NetHack CVE-2020-5211 affects NetHack installations with suid/sgid and shared config-upload capabilities. The issue is an invalid extended command in the AUTOCOMPLETE option of the configuration file, causing a buffer overflow that can crash the process or enable remote code execution/privilege e...
CVE-2020-5213
CVE-2020-5213 affects NetHack before 3.6.5. A too-long value in the SYMBOL configuration option can cause a buffer overflow, leading to crash or remote code execution/privilege escalation on systems where NetHack is installed with suid/sgid and where users can upload configuration files. The docu...
CVE-2020-5253
Summary: NetHack before 3.6.0 allows malicious escaping of characters in the configuration file (usually .nethackrc), which could be exploited. This vulnerability is patched in NetHack 3.6.0. Impact (as per sources): CVSSv3.1 base score 9.8 (CRITICAL) with network attack vector, no privileges, an...
CVE-2020-5254
CVE-2020-5254 affects NetHack up to 3.6.5, where some out-of-bounds values for the hilite_status option can be exploited. The issue is resolved in NetHack 3.6.6. Affected component: the hilite_status handling in NetHack configuration parsing (version gate from ≤3.6.5 to 3.6.6). The vulnerability ...