Skip to content

NetHack hilite_status parsing privilege escalation

High
nhkeni published GHSA-2ch6-6r8h-m2p9 Mar 8, 2020

Package

No package listed

Affected versions

>=3.6.1,<3.6.6

Patched versions

3.6.6

Description

Impact

Some out-of-bound values for the hilite_status option can be exploited.

Patches

NetHack 3.6.6 resolves this issue.

Workarounds

None.

Additional information, if any, will be made available at https://nethack.org/security.

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2020-5254

Weaknesses

No CWEs