CVE-2020-11722
Published: 12 April 2020
Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.
Priority
Status
Package | Release | Status |
---|---|---|
crawl (Launchpad, Ubuntu, Debian) | bionic | Needs triage |
crawl | eoan | Ignored (end of life) |
crawl | focal | Needs triage |
crawl | groovy | Not vulnerable (2:0.25.0-1) |
crawl | hirsute | Not vulnerable (2:0.25.0-1) |
crawl | impish | Not vulnerable (2:0.25.0-1) |
crawl | jammy | Not vulnerable (2:0.25.0-1) |
crawl | kinetic | Not vulnerable (2:0.25.0-1) |
crawl | lunar | Not vulnerable (2:0.25.0-1) |
crawl | mantic | Not vulnerable (2:0.25.0-1) |
crawl | trusty | Does not exist |
crawl | upstream | Needs triage |
crawl | xenial | Needs triage |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |