← back
CVE-2020-5253

Privilege escalation in NetHack

CVSS 3.9 LOWEPSS 0.5%CWE-184
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
NetHack · NetHack

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m