Candidate: CVE-2020-5254
PublicDate: 2020-03-10 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5254
 https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9
 https://nethack.org/security/CVE-2020-5254.html
Description:
 In NetHack before 3.6.6, some out-of-bound values for the hilite_status
 option can be exploited. NetHack 3.6.6 resolves this issue.
Ubuntu-Description:
Notes:
 debian> Vulnerable code introduced in 3.6.1
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]


Patches_nethack:
upstream_nethack: needed
precise/esm_nethack: DNE
trusty_nethack: ignored (out of standard support)
trusty/esm_nethack: DNE
xenial_nethack: not-affected (code not present)
bionic_nethack: not-affected (code not present)
eoan_nethack: ignored (reached end-of-life)
focal_nethack: needed
groovy_nethack: not-affected (3.6.6-1)
hirsute_nethack: not-affected (3.6.6-1)
impish_nethack: not-affected (3.6.6-1)
jammy_nethack: not-affected (3.6.6-1)
devel_nethack: not-affected (3.6.6-1)