CVE-2020-5253
3.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NetHack | NetHack | < 3.6.0 | affected |
Weaknesses
- CWE-184: CWE-184: Incomplete List of Disallowed Inputs
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m
- https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8
References
- https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m
- https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.