Unrated severityNVD Advisory· Published Feb 17, 2023· Updated Mar 10, 2025

NetHack Call command buffer overflow

CVE-2023-24809

Description

NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds.

Affected products

Nethack/Nethackv5
Range: >= 3.6.2, < 3.6.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgchmitrex_refsource_CONFIRM
nethack.org/security/CVE-2023-24809.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000