NetHack: Privilege escalation/remote code execution/crash in configuration parsing

High
nhkeni published GHSA-3cm7-rgh5-9pq5 Dec 18, 2019

Package

NetHack

Affected versions

>= 3.6.0, <3.6.4

Patched versions

3.6.4

Description

A buffer overflow issue exists when reading very long lines from a NetHack configuration file (usually named .nethackrc).

This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.

All users are urged to upgrade to NetHack 3.6.4 as soon as possible.

Additional information related to this advisory, if any, will be made available at https://nethack.org/security.
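
One way a configuration reader can handle the overlong-line case described above, as an added example (not NetHack's code and not the 3.6.4 fix): a fixed buffer is filled with `fgets`, and a line that does not fit is rejected and drained instead of being copied or split. `CFG_LINE_MAX`, `read_cfg_line` and `scan_config` are hypothetical names, and the 64-byte limit is an assumption made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define CFG_LINE_MAX 64 /* assumed limit for this example only */

/* Read one line into buf (cap bytes including the NUL).
 * Returns 1 = complete line, -1 = overlong (rest discarded), 0 = EOF. */
static int read_cfg_line(FILE *fp, char *buf, size_t cap)
{
    size_t len;
    int c;

    if (fgets(buf, (int)cap, fp) == NULL)
        return 0;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    c = fgetc(fp);            /* no newline stored: look at what follows */
    if (c == EOF || c == '\n')
        return 1;             /* exact fit, or unterminated last line */
    while (c != '\n' && c != EOF)
        c = fgetc(fp);        /* drain the tail so it is never parsed */
    buf[0] = '\0';
    return -1;
}

/* Run config text through the reader. Returns the count of rejected
 * lines (-1 on I/O failure); *accepted receives the accepted count. */
static int scan_config(const char *text, int *accepted)
{
    char line[CFG_LINE_MAX];
    int rc, rejected = 0;
    FILE *fp = tmpfile();

    *accepted = 0;
    if (fp == NULL)
        return -1;
    fputs(text, fp);
    rewind(fp);
    while ((rc = read_cfg_line(fp, line, sizeof line)) != 0) {
        if (rc == 1)
            (*accepted)++;    /* a real parser would process line here */
        else
            rejected++;
    }
    fclose(fp);
    return rejected;
}
```

Draining the remainder matters as much as the bound itself: without it, the tail of an overlong line would be read back as if it were the next configuration line.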

Severity

High

CVE ID

CVE-2019-16787

Weaknesses

No CWEs