Vulnerability Details CVE-2020-5214
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.1%
CVSS Severity
CVSS v3 Score 5.0
CVSS v2 Score 7.5
References
Products affected by CVE-2020-5214
-
cpe:2.3:a:nethack:nethack:3.2.2
-
cpe:2.3:a:nethack:nethack:3.2.3
-
cpe:2.3:a:nethack:nethack:3.3.0
-
cpe:2.3:a:nethack:nethack:3.4.0
-
cpe:2.3:a:nethack:nethack:3.4.1
-
cpe:2.3:a:nethack:nethack:3.4.2
-
cpe:2.3:a:nethack:nethack:3.4.3
-
cpe:2.3:a:nethack:nethack:3.4.4
-
cpe:2.3:a:nethack:nethack:3.5.0
-
cpe:2.3:a:nethack:nethack:3.6.0
-
cpe:2.3:a:nethack:nethack:3.6.1
-
cpe:2.3:a:nethack:nethack:3.6.2
-
cpe:2.3:a:nethack:nethack:3.6.3
-
cpe:2.3:a:nethack:nethack:3.6.4