Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
22 vulnerabilities found for NetHack by NetHack
CVE-2023-24809 (GCVE-0-2023-24809)
Vulnerability from cvelistv5 – Published: 2023-02-17 19:41 – Updated: 2025-03-10 21:09
VLAI
Title
NetHack Call command buffer overflow
Summary
NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
| https://nethack.org/security/CVE-2023-24809.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:19.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch"
},
{
"name": "https://nethack.org/security/CVE-2023-24809.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nethack.org/security/CVE-2023-24809.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:57:17.874184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:09:40.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.6.2, \u003c 3.6.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the \"C\" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-17T19:41:24.248Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch"
},
{
"name": "https://nethack.org/security/CVE-2023-24809.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://nethack.org/security/CVE-2023-24809.html"
}
],
"source": {
"advisory": "GHSA-2cqv-5w4v-mgch",
"discovery": "UNKNOWN"
},
"title": "NetHack Call command buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-24809",
"datePublished": "2023-02-17T19:41:24.248Z",
"dateReserved": "2023-01-30T14:43:33.703Z",
"dateUpdated": "2025-03-10T21:09:40.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5254 (GCVE-0-2020-5254)
Vulnerability from cvelistv5 – Published: 2020-03-10 16:45 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack hilite_status parsing privilege escalation
Summary
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T16:45:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9"
}
],
"source": {
"advisory": "GHSA-2ch6-6r8h-m2p9",
"discovery": "UNKNOWN"
},
"title": "NetHack hilite_status parsing privilege escalation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5254",
"STATE": "PUBLIC",
"TITLE": "NetHack hilite_status parsing privilege escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.6"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9"
}
]
},
"source": {
"advisory": "GHSA-2ch6-6r8h-m2p9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5254",
"datePublished": "2020-03-10T16:45:14.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5253 (GCVE-0-2020-5253)
Vulnerability from cvelistv5 – Published: 2020-03-10 16:35 – Updated: 2024-08-04 08:22
VLAI
Title
Privilege escalation in NetHack
Summary
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
Severity
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
| https://github.com/NetHack/NetHack/commits/612755… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T16:35:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8"
}
],
"source": {
"advisory": "GHSA-2c7p-3fj4-223m",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation in NetHack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5253",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in NetHack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.0"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-184: Incomplete List of Disallowed Inputs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m"
},
{
"name": "https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8",
"refsource": "MISC",
"url": "https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8"
}
]
},
"source": {
"advisory": "GHSA-2c7p-3fj4-223m",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5253",
"datePublished": "2020-03-10T16:35:14.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5211 (GCVE-0-2020-5211)
Vulnerability from cvelistv5 – Published: 2020-01-28 17:55 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow
Summary
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:55:28.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7"
}
],
"source": {
"advisory": "GHSA-r788-4jf4-r9f7",
"discovery": "UNKNOWN"
},
"title": "NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5211",
"STATE": "PUBLIC",
"TITLE": "NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7"
}
]
},
"source": {
"advisory": "GHSA-r788-4jf4-r9f7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5211",
"datePublished": "2020-01-28T17:55:28.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5212 (GCVE-0-2020-5212)
Vulnerability from cvelistv5 – Published: 2020-01-28 17:55 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack MENUCOLOR configuration file option is subject to a buffer overflow
Summary
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:55:23.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56"
}
],
"source": {
"advisory": "GHSA-g89f-m829-4m56",
"discovery": "UNKNOWN"
},
"title": "NetHack MENUCOLOR configuration file option is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5212",
"STATE": "PUBLIC",
"TITLE": "NetHack MENUCOLOR configuration file option is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56"
}
]
},
"source": {
"advisory": "GHSA-g89f-m829-4m56",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5212",
"datePublished": "2020-01-28T17:55:23.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5213 (GCVE-0-2020-5213)
Vulnerability from cvelistv5 – Published: 2020-01-28 17:55 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack SYMBOL configuration file option is subject to a buffer overflow
Summary
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:55:18.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v"
}
],
"source": {
"advisory": "GHSA-rr25-4v34-pr7v",
"discovery": "UNKNOWN"
},
"title": "NetHack SYMBOL configuration file option is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5213",
"STATE": "PUBLIC",
"TITLE": "NetHack SYMBOL configuration file option is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v"
}
]
},
"source": {
"advisory": "GHSA-rr25-4v34-pr7v",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5213",
"datePublished": "2020-01-28T17:55:18.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5214 (GCVE-0-2020-5214)
Vulnerability from cvelistv5 – Published: 2020-01-28 17:55 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack error recovery after syntax error in configuration file is subject to a buffer overflow
Summary
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:55:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6"
}
],
"source": {
"advisory": "GHSA-p8fw-rq89-xqx6",
"discovery": "UNKNOWN"
},
"title": "NetHack error recovery after syntax error in configuration file is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5214",
"STATE": "PUBLIC",
"TITLE": "NetHack error recovery after syntax error in configuration file is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6"
}
]
},
"source": {
"advisory": "GHSA-p8fw-rq89-xqx6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5214",
"datePublished": "2020-01-28T17:55:13.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5209 (GCVE-0-2020-5209)
Vulnerability from cvelistv5 – Published: 2020-01-28 17:50 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack command line parsing of options starting with -de and -i is subject to a buffer overflow
Summary
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/commit/f3def5c… | x_refsource_MISC |
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:50:19.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8"
}
],
"source": {
"advisory": "GHSA-fw72-r8xm-45p8",
"discovery": "UNKNOWN"
},
"title": "NetHack command line parsing of options starting with -de and -i is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5209",
"STATE": "PUBLIC",
"TITLE": "NetHack command line parsing of options starting with -de and -i is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77",
"refsource": "MISC",
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
},
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8"
}
]
},
"source": {
"advisory": "GHSA-fw72-r8xm-45p8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5209",
"datePublished": "2020-01-28T17:50:19.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5210 (GCVE-0-2020-5210)
Vulnerability from cvelistv5 – Published: 2020-01-28 17:50 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack command line -w option parsing is subject to a buffer overflow
Summary
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
| https://github.com/NetHack/NetHack/commit/f3def5c… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:50:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
}
],
"source": {
"advisory": "GHSA-v5pg-hpjg-9rpp",
"discovery": "UNKNOWN"
},
"title": "NetHack command line -w option parsing is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5210",
"STATE": "PUBLIC",
"TITLE": "NetHack command line -w option parsing is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp"
},
{
"name": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77",
"refsource": "MISC",
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
}
]
},
"source": {
"advisory": "GHSA-v5pg-hpjg-9rpp",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5210",
"datePublished": "2020-01-28T17:50:14.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19905 (GCVE-0-2019-19905)
Vulnerability from cvelistv5 – Published: 2019-12-19 17:39 – Updated: 2024-08-05 02:32
VLAI
Summary
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugs.debian.org/947005 | x_refsource_MISC |
| https://github.com/NetHack/NetHack/commit/f4a840a… | x_refsource_MISC |
| https://github.com/NetHack/NetHack/commit/f001de7… | x_refsource_MISC |
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
| https://nethack.org/security/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:08.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/947005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nethack.org/security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-24T16:40:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/947005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nethack.org/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/947005",
"refsource": "MISC",
"url": "https://bugs.debian.org/947005"
},
{
"name": "https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226",
"refsource": "MISC",
"url": "https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226"
},
{
"name": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47",
"refsource": "MISC",
"url": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47"
},
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5"
},
{
"name": "https://nethack.org/security/",
"refsource": "MISC",
"url": "https://nethack.org/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19905",
"datePublished": "2019-12-19T17:39:24.000Z",
"dateReserved": "2019-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:08.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0358 (GCVE-0-2003-0358)
Vulnerability from cvelistv5 – Published: 2003-05-30 04:00 – Updated: 2024-08-08 01:50
VLAI
Summary
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2003/dsa-350 | vendor-advisoryx_refsource_DEBIAN |
| http://www.debian.org/security/2003/dsa-316 | vendor-advisoryx_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/6806 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/311172/200… | mailing-listx_refsource_BUGTRAQ |
| http://nethack.sourceforge.net/v340/bugmore/secpa… | x_refsource_CONFIRM |
Date Public
2003-02-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:47.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-350"
},
{
"name": "DSA-316",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-316"
},
{
"name": "nethack-s-command-bo(11283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11283"
},
{
"name": "6806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6806"
},
{
"name": "20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-350"
},
{
"name": "DSA-316",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-316"
},
{
"name": "nethack-s-command-bo(11283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11283"
},
{
"name": "6806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6806"
},
{
"name": "20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-350",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-350"
},
{
"name": "DSA-316",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-316"
},
{
"name": "nethack-s-command-bo(11283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11283"
},
{
"name": "6806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6806"
},
{
"name": "20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0"
},
{
"name": "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt",
"refsource": "CONFIRM",
"url": "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0358",
"datePublished": "2003-05-30T04:00:00.000Z",
"dateReserved": "2003-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:50:47.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24809 (GCVE-0-2023-24809)
Vulnerability from nvd – Published: 2023-02-17 19:41 – Updated: 2025-03-10 21:09
VLAI
Title
NetHack Call command buffer overflow
Summary
NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
| https://nethack.org/security/CVE-2023-24809.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:19.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch"
},
{
"name": "https://nethack.org/security/CVE-2023-24809.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nethack.org/security/CVE-2023-24809.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:57:17.874184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:09:40.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.6.2, \u003c 3.6.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the \"C\" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-17T19:41:24.248Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch"
},
{
"name": "https://nethack.org/security/CVE-2023-24809.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://nethack.org/security/CVE-2023-24809.html"
}
],
"source": {
"advisory": "GHSA-2cqv-5w4v-mgch",
"discovery": "UNKNOWN"
},
"title": "NetHack Call command buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-24809",
"datePublished": "2023-02-17T19:41:24.248Z",
"dateReserved": "2023-01-30T14:43:33.703Z",
"dateUpdated": "2025-03-10T21:09:40.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5254 (GCVE-0-2020-5254)
Vulnerability from nvd – Published: 2020-03-10 16:45 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack hilite_status parsing privilege escalation
Summary
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T16:45:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9"
}
],
"source": {
"advisory": "GHSA-2ch6-6r8h-m2p9",
"discovery": "UNKNOWN"
},
"title": "NetHack hilite_status parsing privilege escalation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5254",
"STATE": "PUBLIC",
"TITLE": "NetHack hilite_status parsing privilege escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.6"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9"
}
]
},
"source": {
"advisory": "GHSA-2ch6-6r8h-m2p9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5254",
"datePublished": "2020-03-10T16:45:14.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5253 (GCVE-0-2020-5253)
Vulnerability from nvd – Published: 2020-03-10 16:35 – Updated: 2024-08-04 08:22
VLAI
Title
Privilege escalation in NetHack
Summary
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
Severity
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
| https://github.com/NetHack/NetHack/commits/612755… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T16:35:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8"
}
],
"source": {
"advisory": "GHSA-2c7p-3fj4-223m",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation in NetHack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5253",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in NetHack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.0"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-184: Incomplete List of Disallowed Inputs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m"
},
{
"name": "https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8",
"refsource": "MISC",
"url": "https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8"
}
]
},
"source": {
"advisory": "GHSA-2c7p-3fj4-223m",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5253",
"datePublished": "2020-03-10T16:35:14.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5211 (GCVE-0-2020-5211)
Vulnerability from nvd – Published: 2020-01-28 17:55 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow
Summary
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:55:28.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7"
}
],
"source": {
"advisory": "GHSA-r788-4jf4-r9f7",
"discovery": "UNKNOWN"
},
"title": "NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5211",
"STATE": "PUBLIC",
"TITLE": "NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7"
}
]
},
"source": {
"advisory": "GHSA-r788-4jf4-r9f7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5211",
"datePublished": "2020-01-28T17:55:28.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5212 (GCVE-0-2020-5212)
Vulnerability from nvd – Published: 2020-01-28 17:55 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack MENUCOLOR configuration file option is subject to a buffer overflow
Summary
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:55:23.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56"
}
],
"source": {
"advisory": "GHSA-g89f-m829-4m56",
"discovery": "UNKNOWN"
},
"title": "NetHack MENUCOLOR configuration file option is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5212",
"STATE": "PUBLIC",
"TITLE": "NetHack MENUCOLOR configuration file option is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56"
}
]
},
"source": {
"advisory": "GHSA-g89f-m829-4m56",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5212",
"datePublished": "2020-01-28T17:55:23.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5213 (GCVE-0-2020-5213)
Vulnerability from nvd – Published: 2020-01-28 17:55 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack SYMBOL configuration file option is subject to a buffer overflow
Summary
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:55:18.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v"
}
],
"source": {
"advisory": "GHSA-rr25-4v34-pr7v",
"discovery": "UNKNOWN"
},
"title": "NetHack SYMBOL configuration file option is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5213",
"STATE": "PUBLIC",
"TITLE": "NetHack SYMBOL configuration file option is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v"
}
]
},
"source": {
"advisory": "GHSA-rr25-4v34-pr7v",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5213",
"datePublished": "2020-01-28T17:55:18.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5214 (GCVE-0-2020-5214)
Vulnerability from nvd – Published: 2020-01-28 17:55 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack error recovery after syntax error in configuration file is subject to a buffer overflow
Summary
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:55:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6"
}
],
"source": {
"advisory": "GHSA-p8fw-rq89-xqx6",
"discovery": "UNKNOWN"
},
"title": "NetHack error recovery after syntax error in configuration file is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5214",
"STATE": "PUBLIC",
"TITLE": "NetHack error recovery after syntax error in configuration file is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6"
}
]
},
"source": {
"advisory": "GHSA-p8fw-rq89-xqx6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5214",
"datePublished": "2020-01-28T17:55:13.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5209 (GCVE-0-2020-5209)
Vulnerability from nvd – Published: 2020-01-28 17:50 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack command line parsing of options starting with -de and -i is subject to a buffer overflow
Summary
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/commit/f3def5c… | x_refsource_MISC |
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:50:19.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8"
}
],
"source": {
"advisory": "GHSA-fw72-r8xm-45p8",
"discovery": "UNKNOWN"
},
"title": "NetHack command line parsing of options starting with -de and -i is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5209",
"STATE": "PUBLIC",
"TITLE": "NetHack command line parsing of options starting with -de and -i is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77",
"refsource": "MISC",
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
},
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8"
}
]
},
"source": {
"advisory": "GHSA-fw72-r8xm-45p8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5209",
"datePublished": "2020-01-28T17:50:19.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5210 (GCVE-0-2020-5210)
Vulnerability from nvd – Published: 2020-01-28 17:50 – Updated: 2024-08-04 08:22
VLAI
Title
NetHack command line -w option parsing is subject to a buffer overflow
Summary
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
Severity
5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
| https://github.com/NetHack/NetHack/commit/f3def5c… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetHack",
"vendor": "NetHack",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:50:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
}
],
"source": {
"advisory": "GHSA-v5pg-hpjg-9rpp",
"discovery": "UNKNOWN"
},
"title": "NetHack command line -w option parsing is subject to a buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5210",
"STATE": "PUBLIC",
"TITLE": "NetHack command line -w option parsing is subject to a buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetHack",
"version": {
"version_data": [
{
"version_value": "\u003c 3.6.5"
}
]
}
}
]
},
"vendor_name": "NetHack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp"
},
{
"name": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77",
"refsource": "MISC",
"url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77"
}
]
},
"source": {
"advisory": "GHSA-v5pg-hpjg-9rpp",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5210",
"datePublished": "2020-01-28T17:50:14.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19905 (GCVE-0-2019-19905)
Vulnerability from nvd – Published: 2019-12-19 17:39 – Updated: 2024-08-05 02:32
VLAI
Summary
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugs.debian.org/947005 | x_refsource_MISC |
| https://github.com/NetHack/NetHack/commit/f4a840a… | x_refsource_MISC |
| https://github.com/NetHack/NetHack/commit/f001de7… | x_refsource_MISC |
| https://github.com/NetHack/NetHack/security/advis… | x_refsource_CONFIRM |
| https://nethack.org/security/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:08.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/947005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nethack.org/security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-24T16:40:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/947005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nethack.org/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/947005",
"refsource": "MISC",
"url": "https://bugs.debian.org/947005"
},
{
"name": "https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226",
"refsource": "MISC",
"url": "https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226"
},
{
"name": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47",
"refsource": "MISC",
"url": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47"
},
{
"name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5",
"refsource": "CONFIRM",
"url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5"
},
{
"name": "https://nethack.org/security/",
"refsource": "MISC",
"url": "https://nethack.org/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19905",
"datePublished": "2019-12-19T17:39:24.000Z",
"dateReserved": "2019-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:08.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0358 (GCVE-0-2003-0358)
Vulnerability from nvd – Published: 2003-05-30 04:00 – Updated: 2024-08-08 01:50
VLAI
Summary
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2003/dsa-350 | vendor-advisoryx_refsource_DEBIAN |
| http://www.debian.org/security/2003/dsa-316 | vendor-advisoryx_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/6806 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/311172/200… | mailing-listx_refsource_BUGTRAQ |
| http://nethack.sourceforge.net/v340/bugmore/secpa… | x_refsource_CONFIRM |
Date Public
2003-02-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:47.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-350"
},
{
"name": "DSA-316",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-316"
},
{
"name": "nethack-s-command-bo(11283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11283"
},
{
"name": "6806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6806"
},
{
"name": "20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-350"
},
{
"name": "DSA-316",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-316"
},
{
"name": "nethack-s-command-bo(11283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11283"
},
{
"name": "6806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6806"
},
{
"name": "20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-350",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-350"
},
{
"name": "DSA-316",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-316"
},
{
"name": "nethack-s-command-bo(11283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11283"
},
{
"name": "6806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6806"
},
{
"name": "20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0"
},
{
"name": "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt",
"refsource": "CONFIRM",
"url": "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0358",
"datePublished": "2003-05-30T04:00:00.000Z",
"dateReserved": "2003-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:50:47.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}