Candidate: CVE-2020-5253
PublicDate: 2020-03-10 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5253
 https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m
 https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8
 https://nethack.org/security/CVE-2020-5253.html
Description:
 NetHack before version 3.6.0 allowed malicious use of escaping of
 characters in the configuration file (usually .nethackrc) which could be
 exploited. This bug is patched in NetHack 3.6.0.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_nethack:
upstream_nethack: released (3.6.0-1)
precise/esm_nethack: DNE
trusty_nethack: ignored (out of standard support)
trusty/esm_nethack: DNE
xenial_nethack: ignored (end of standard support, was needed)
bionic_nethack: not-affected (3.6.0-4)
eoan_nethack: not-affected (3.6.0-4)
focal_nethack: not-affected (3.6.0-4)
groovy_nethack: not-affected (3.6.0-4)
hirsute_nethack: not-affected (3.6.0-4)
impish_nethack: not-affected (3.6.0-4)
jammy_nethack: not-affected (3.6.0-4)
devel_nethack: not-affected (3.6.0-4)