CVE-2020-5253
Published: 10 March 2020
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
Priority
Status
Package | Release | Status |
---|---|---|
nethack
Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(3.6.0-4)
|
eoan |
Not vulnerable
(3.6.0-4)
|
|
focal |
Not vulnerable
(3.6.0-4)
|
|
groovy |
Not vulnerable
(3.6.0-4)
|
|
hirsute |
Not vulnerable
(3.6.0-4)
|
|
impish |
Not vulnerable
(3.6.0-4)
|
|
jammy |
Not vulnerable
(3.6.0-4)
|
|
kinetic |
Not vulnerable
(3.6.0-4)
|
|
lunar |
Not vulnerable
(3.6.0-4)
|
|
mantic |
Not vulnerable
(3.6.0-4)
|
|
noble |
Not vulnerable
(3.6.0-4)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.6.0-1)
|
|
xenial |
Needed
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |