Vulnerability Details CVE-2020-5253
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.4%
CVSS Severity
CVSS v3 Score 3.9
CVSS v2 Score 7.5
References
- https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8
- https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m
- https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8
- https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m
Products affected by CVE-2020-5253
-
cpe:2.3:a:nethack:nethack:3.2.2
-
cpe:2.3:a:nethack:nethack:3.2.3
-
cpe:2.3:a:nethack:nethack:3.3.0
-
cpe:2.3:a:nethack:nethack:3.4.0
-
cpe:2.3:a:nethack:nethack:3.4.1
-
cpe:2.3:a:nethack:nethack:3.4.2
-
cpe:2.3:a:nethack:nethack:3.4.3
-
cpe:2.3:a:nethack:nethack:3.4.4
-
cpe:2.3:a:nethack:nethack:3.5.0