Nethack Security Vulnerabilities and Issues — Nethack CVE List

Lucene search

NethackNethack

8 matches found

CVE•added 2020/01/28 6:15 p.m.•45 views

CVE-2020-5212

In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users t...

9.8CVSS7.7AI score0.01836EPSS

CVE•added 2020/01/28 7:15 p.m.•43 views

CVE-2020-5211

In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems th...

9.8CVSS7.8AI score0.01836EPSS

CVE•added 2020/01/28 6:15 p.m.•43 views

CVE-2020-5214

In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own co...

9.8CVSS7.7AI score0.01836EPSS

CVE•added 2020/01/28 6:15 p.m.•42 views

CVE-2020-5209

In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line op...

7.8CVSS6.7AI score0.01694EPSS

CVE•added 2020/01/28 6:15 p.m.•41 views

CVE-2020-5210

In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence comman...

7.8CVSS6.7AI score0.01554EPSS

CVE•added 2020/01/28 6:15 p.m.•40 views

CVE-2020-5213

In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to uploa...

9.8CVSS7.7AI score0.01836EPSS

CVE•added 2020/03/10 5:15 p.m.•36 views

CVE-2020-5253

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.

9.8CVSS6.7AI score0.001EPSS

CVE•added 2020/03/10 5:15 p.m.•32 views

CVE-2020-5254

In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.

8.1CVSS6AI score0.09282EPSS