CVE-2020-5253
Published: 10 March 2020
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
Priority
Status
Package | Release | Status |
---|---|---|
nethack Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(3.6.0-4)
|
eoan |
Not vulnerable
(3.6.0-4)
|
|
focal |
Not vulnerable
(3.6.0-4)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.6.0-1)
|
|
impish |
Not vulnerable
(3.6.0-4)
|
|
groovy |
Not vulnerable
(3.6.0-4)
|
|
hirsute |
Not vulnerable
(3.6.0-4)
|
|
xenial |
Needed
|
|
kinetic |
Not vulnerable
(3.6.0-4)
|
|
lunar |
Not vulnerable
(3.6.0-4)
|
|
jammy |
Not vulnerable
(3.6.0-4)
|
|
mantic |
Not vulnerable
(3.6.0-4)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |