In NetHack before 3.6.5, an extremely long value for the MENUCOLOR
configuration file option can cause a buffer overflow resulting in a crash
or remote code execution/privilege escalation. This vulnerability affects
systems that have NetHack installed suid/sgid and shared systems that allow
users to upload their own configuration files. Users should upgrade to
NetHack 3.6.5.
#### Notes
Author| Note
---|---
[msalvatore](<https://launchpad.net/~msalvatore>) | Nethack is installed sgid games, but not suid or sgid root.
{"id": "UB:CVE-2020-5212", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2020-5212", "description": "In NetHack before 3.6.5, an extremely long value for the MENUCOLOR\nconfiguration file option can cause a buffer overflow resulting in a crash\nor remote code execution/privilege escalation. This vulnerability affects\nsystems that have NetHack installed suid/sgid and shared systems that allow\nusers to upload their own configuration files. Users should upgrade to\nNetHack 3.6.5.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[msalvatore](<https://launchpad.net/~msalvatore>) | Nethack is installed sgid games, but not suid or sgid root.\n", "published": "2020-01-28T00:00:00", "modified": "2020-01-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://ubuntu.com/security/CVE-2020-5212", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5212", "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56", "https://nvd.nist.gov/vuln/detail/CVE-2020-5212", "https://launchpad.net/bugs/cve/CVE-2020-5212", "https://security-tracker.debian.org/tracker/CVE-2020-5212"], "cvelist": ["CVE-2020-5212"], "immutableFields": [], "lastseen": "2022-08-04T13:32:03", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-5212"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-5212"]}, {"type": "mageia", "idList": ["MGASA-2021-0077"]}]}, "score": {"value": 3.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-5212"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-5212"]}]}, "exploitation": null, "vulnersScore": 3.9}, "_state": {"dependencies": 1660004461, "score": 1659901767}, "_internal": {"score_hash": "747d0bcc2e549caada5a5673310cd85d"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needed", "packageName": "nethack"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "3.6.5", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "nethack"}], "bugs": []}
{"debiancve": [{"lastseen": "2022-08-28T06:02:39", "description": "In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-28T18:15:00", "type": "debiancve", "title": "CVE-2020-5212", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5212"], "modified": "2020-01-28T18:15:00", "id": "DEBIANCVE:CVE-2020-5212", "href": "https://security-tracker.debian.org/tracker/CVE-2020-5212", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T18:36:57", "description": "In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-28T18:15:00", "type": "cve", "title": "CVE-2020-5212", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5212"], "modified": "2020-02-07T13:33:00", "cpe": [], "id": "CVE-2020-5212", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5212", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "mageia": [{"lastseen": "2022-04-18T11:19:35", "description": "Updated nethack packages fix security vulnerabilities: NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files (CVE-2019-19905). In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options (CVE-2020-5209). In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options (CVE-2020-5210). In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5211). In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5212). In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5213). In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5214). In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited (CVE-2020-5254). The nethack package has been updated to version 3.6.6, fixing these issues and other bugs. See the upstream release notes for details. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-10T18:41:52", "type": "mageia", "title": "Updated nethack packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19905", "CVE-2020-5209", "CVE-2020-5210", "CVE-2020-5211", "CVE-2020-5212", "CVE-2020-5213", "CVE-2020-5214", "CVE-2020-5254"], "modified": "2021-02-10T18:41:52", "id": "MGASA-2021-0077", "href": "https://advisories.mageia.org/MGASA-2021-0077.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}