CVE-2020-5253

critical

Description

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.

References

Advisories

https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m

https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8

Details

Source: Mitre, NVD

Published: 2020-03-10

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00133

Detections

Analytics