Nethack
by Nethack
Source repositories
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-19905 | Cri | 0.57 | 9.8 | 0.03 | Dec 19, 2019 | NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files. | ||
| CVE-2023-24809 | Med | 0.36 | 5.5 | 0.00 | Feb 17, 2023 | NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have… | ||
| CVE-2020-5211 | Med | 0.26 | 5.0 | 0.01 | Jan 28, 2020 | In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid… | ||
| CVE-2020-5214 | Med | 0.26 | 5.0 | 0.01 | Jan 28, 2020 | In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to… | ||
| CVE-2020-5213 | Med | 0.26 | 5.0 | 0.01 | Jan 28, 2020 | In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that… | ||
| CVE-2020-5212 | Med | 0.26 | 5.0 | 0.01 | Jan 28, 2020 | In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared… | ||
| CVE-2020-5210 | Med | 0.26 | 5.0 | 0.01 | Jan 28, 2020 | In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users… | ||
| CVE-2020-5209 | Med | 0.26 | 5.0 | 0.01 | Jan 28, 2020 | In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to… | ||
| CVE-2020-5254 | Low | 0.25 | 3.9 | 0.01 | Mar 10, 2020 | In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue. | ||
| CVE-2020-5253 | Low | 0.25 | 3.9 | 0.01 | Mar 10, 2020 | NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. | ||
| CVE-2003-0358 | 0.03 | — | 0.01 | Jun 9, 2003 | Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option. | |||
| CVE-2003-0359 | 0.00 | — | 0.00 | Jul 24, 2003 | nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code. |
- risk 0.57cvss 9.8epss 0.03
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.
- risk 0.36cvss 5.5epss 0.00
NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have…
- risk 0.26cvss 5.0epss 0.01
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid…
- risk 0.26cvss 5.0epss 0.01
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to…
- risk 0.26cvss 5.0epss 0.01
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that…
- risk 0.26cvss 5.0epss 0.01
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared…
- risk 0.26cvss 5.0epss 0.01
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users…
- risk 0.26cvss 5.0epss 0.01
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to…
- risk 0.25cvss 3.9epss 0.01
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.
- risk 0.25cvss 3.9epss 0.01
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
- CVE-2003-0358Jun 9, 2003risk 0.03cvss —epss 0.01
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
- CVE-2003-0359Jul 24, 2003risk 0.00cvss —epss 0.00
nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.