
CVE-2023-24809 – NetHack Call command buffer overflow
https://notcve.org/view.php?id=CVE-2023-24809
17 Feb 2023 — NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. • https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-5254 – NetHack hilite_status parsing privilege escalation
https://notcve.org/view.php?id=CVE-2020-5254
10 Mar 2020 — In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue. • https://github.com/dpmdpm2/CVE-2020-5254 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read

CVE-2020-5253 – Privilege escalation in NetHack
https://notcve.org/view.php?id=CVE-2020-5253
10 Mar 2020 — NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. • https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8 • CWE-184: Incomplete List of Disallowed Inputs • CWE-269: Improper Privilege Management

CVE-2020-5211 – NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5211
28 Jan 2020 — In NetHack before 3.6.5, an invalid extended command in the value of the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. • https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-5212 – NetHack MENUCOLOR configuration file option is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5212
28 Jan 2020 — In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. • https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-5213 – NetHack SYMBOL configuration file option is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5213
28 Jan 2020 — In NetHack before 3.6.5, too long a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. • https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-5214 – NetHack error recovery after syntax error in configuration file is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5214
28 Jan 2020 — In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. • https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-5209 – NetHack command line parsing of options starting with -de and -i is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5209
28 Jan 2020 — In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. • https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-5210 – NetHack command line -w option parsing is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5210
28 Jan 2020 — In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. • https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2019-19905
https://notcve.org/view.php?id=CVE-2019-19905
19 Dec 2019 — NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files. • https://github.com/dpmdpm2/CVE-2019-19905 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')