CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24809 – NetHack Call command buffer overflow
https://notcve.org/view.php?id=CVE-2023-24809
NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. • https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch https://nethack.org/security/CVE-2023-24809.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-5254 – NetHack hilite_status parsing privilege escalation
https://notcve.org/view.php?id=CVE-2020-5254
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue. En NetHack versiones anteriores a la versión 3.6.6, algunos valores fuera de límite para la opción hilite_status pueden ser explotados. NetHack versión 3.6.6 resuelve este problema. • https://github.com/dpmdpm2/CVE-2020-5254 https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5253 – Privilege escalation in NetHack
https://notcve.org/view.php?id=CVE-2020-5253
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. NetHack versiones anteriores a la versión 3.6.0, permitía el uso malicioso del escape de caracteres en el archivo de configuración (comúnmente .nethackrc) que podría ser explotado. Este error está parcheado en NetHack 3.6.0. • https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8 https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m • CWE-184: Incomplete List of Disallowed Inputs CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-5211 – NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5211
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. En NetHack versiones anteriores a 3.6.5, un comando extendido no válido en valor para la opción de archivo de configuración AUTOCOMPLETE puede causar un desbordamiento del búfer resultando en un bloqueo o escalada de privilegios o una ejecución de código remota. Esta vulnerabilidad afecta a los sistemas que tienen instalado suid/sgid de NetHack y sistemas compartidos que permiten a usuarios cargar sus propios archivos de configuración. • https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-5212 – NetHack MENUCOLOR configuration file option is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5212
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. En NetHack versiones anteriores a 3.6.5, un valor extremadamente largo para la opción del archivo de configuración MENUCOLOR puede causar un desbordamiento del búfer resultando en un bloqueo o una ejecución de código remota/escalada de privilegios. Esta vulnerabilidad afecta a los sistemas que tienen instalado suid/sgid de NetHack y sistemas compartidos que permiten a usuarios cargar sus propios archivos de configuración. • https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •