Aggregates CVE and security vulnerability intelligence across all nethack-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk buffer overflow, with potential vendor impact application crash and vendor impact memory corruption across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-24809 | NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds. | [email protected] | 5.5 | 0.06% | 2023-02-17 | 2024-11-21 |
| CVE-2020-5254 | In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue. | [email protected] | 3.9 | 9.28% | 2020-03-10 | 2024-11-21 |
| CVE-2020-5253 | NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. | [email protected] | 3.9 | 0.20% | 2020-03-10 | 2024-11-21 |
| CVE-2020-5211 | In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. | [email protected] | 5.0 | 1.84% | 2020-01-28 | 2024-11-21 |
| CVE-2020-5214 | In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. | [email protected] | 5.0 | 1.84% | 2020-01-28 | 2024-11-21 |
| CVE-2020-5213 | In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. | [email protected] | 5.0 | 1.84% | 2020-01-28 | 2024-11-21 |
| CVE-2020-5212 | In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. | [email protected] | 5.0 | 1.84% | 2020-01-28 | 2024-11-21 |
| CVE-2020-5210 | In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. | [email protected] | 5.0 | 1.55% | 2020-01-28 | 2024-11-21 |
| CVE-2020-5209 | In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. | [email protected] | 5.0 | 1.69% | 2020-01-28 | 2024-11-21 |
| CVE-2019-19905 | NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files. | [email protected] | 9.8 | 2.72% | 2019-12-19 | 2024-11-21 |
| CVE-2003-0358 | Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option. | [email protected] | 4.6 | 0.23% | 2003-06-09 | 2026-04-16 |