Vulnerability Details CVE-2020-5210
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.6%
CVSS Severity
CVSS v3 Score 5.0
CVSS v2 Score 4.6
References
- https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
- https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp
- https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
- https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp
Products affected by CVE-2020-5210
-
cpe:2.3:a:nethack:nethack:3.2.2
-
cpe:2.3:a:nethack:nethack:3.2.3
-
cpe:2.3:a:nethack:nethack:3.3.0
-
cpe:2.3:a:nethack:nethack:3.4.0
-
cpe:2.3:a:nethack:nethack:3.4.1
-
cpe:2.3:a:nethack:nethack:3.4.2
-
cpe:2.3:a:nethack:nethack:3.4.3
-
cpe:2.3:a:nethack:nethack:3.4.4
-
cpe:2.3:a:nethack:nethack:3.5.0
-
cpe:2.3:a:nethack:nethack:3.6.0
-
cpe:2.3:a:nethack:nethack:3.6.1
-
cpe:2.3:a:nethack:nethack:3.6.2
-
cpe:2.3:a:nethack:nethack:3.6.3
-
cpe:2.3:a:nethack:nethack:3.6.4