CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5253 – Privilege escalation in NetHack
https://notcve.org/view.php?id=CVE-2020-5253
10 Mar 2020 — NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. NetHack versiones anteriores a la versión 3.6.0, permitía el uso malicioso del escape de caracteres en el archivo de configuración (comúnmente .nethackrc) que podría ser explotado. Este error está parcheado en NetHack 3.6.0. • https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8 • CWE-184: Incomplete List of Disallowed Inputs CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5211 – NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5211
28 Jan 2020 — In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. En NetHack versiones anteriores a 3.6.5, un comando extendido no válido en valor para la opción de archivo de configur... • https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5212 – NetHack MENUCOLOR configuration file option is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5212
28 Jan 2020 — In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. En NetHack versiones anteriores a 3.6.5, un valor extremadamente largo para la opción del archivo de configuración MENUCOLOR puede cau... • https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5213 – NetHack SYMBOL configuration file option is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5213
28 Jan 2020 — In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. En NetHack versiones anteriores a 3.6.5, un valor demasiado largo para la opción del archivo de configuración SYMBOL puede causar un desborda... • https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5214 – NetHack error recovery after syntax error in configuration file is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5214
28 Jan 2020 — In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. En NetHack versiones anteriores a 3.6.5, la detección de una opción de archivo de configuración desconocida puede causar un desbordamiento del búfer result... • https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5209 – NetHack command line parsing of options starting with -de and -i is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5209
28 Jan 2020 — In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. En NetHack versiones anteriores a 3.6.5, las opciones desconocidas que comienzan con -de y -i pueden causar un desbordamiento del búfer resultando en un bloqueo o en u... • https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5210 – NetHack command line -w option parsing is subject to a buffer overflow
https://notcve.org/view.php?id=CVE-2020-5210
28 Jan 2020 — In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. En NetHack versiones anteriores a 3.6.5, un argumento no válido para la opción de línea de comando -w puede causar un desbordamiento del búfer resultando en u... • https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0359
https://notcve.org/view.php?id=CVE-2003-0359
18 Jun 2003 — nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code. nethack 3.4.0 y anteriores instala ciertos binarios con permisos inseguros, lo que permite a usuarios locales ganar privilegios. • http://www.debian.org/security/2003/dsa-316 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 6CVE-2003-0358 – Nethack 3 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0358
30 May 2003 — Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option. Desbordamiento de búfer en nethack 3.4.0 y anteriores permite que usuarios locales obtengan privilegios mediante la opción -s en la línea de comandos. • https://www.exploit-db.com/exploits/22233 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •