Skip to main content

Nethack

10 CVEs product

Monthly

CVE-2023-24809 MEDIUM This Month

NetHack is a single player dungeon exploration game. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Nethack
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-5254 HIGH This Week

In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Nethack
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-5253 CRITICAL PATCH Act Now

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-5211 CRITICAL Act Now

In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-5214 CRITICAL Act Now

In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-5213 CRITICAL Act Now

In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-5212 CRITICAL Act Now

In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-5210 HIGH PATCH This Week

In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-5209 HIGH PATCH This Week

In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-19905 CRITICAL PATCH Act Now

NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
EPSS 0% CVSS 5.5
MEDIUM This Month

NetHack is a single player dungeon exploration game. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Nethack
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Nethack
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nethack
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Privilege Escalation +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Privilege Escalation +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Nethack
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy