Vulnerabilities > Nethack

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2023-24809 Classic Buffer Overflow vulnerability in Nethack
NetHack is a single player dungeon exploration game.
local
low complexity
nethack CWE-120
5.5
2020-03-10 CVE-2020-5254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nethack
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited.
network
nethack CWE-119
6.8
2020-03-10 CVE-2020-5253 Improper Privilege Management vulnerability in Nethack
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited.
network
low complexity
nethack CWE-269
7.5
2020-01-28 CVE-2020-5211 Classic Buffer Overflow vulnerability in Nethack
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.
network
low complexity
nethack CWE-120
7.5
2020-01-28 CVE-2020-5214 Classic Buffer Overflow vulnerability in Nethack
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.
network
low complexity
nethack CWE-120
7.5
2020-01-28 CVE-2020-5213 Classic Buffer Overflow vulnerability in Nethack
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.
network
low complexity
nethack CWE-120
7.5
2020-01-28 CVE-2020-5212 Classic Buffer Overflow vulnerability in Nethack
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.
network
low complexity
nethack CWE-120
7.5
2020-01-28 CVE-2020-5210 Classic Buffer Overflow vulnerability in Nethack
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.
local
low complexity
nethack CWE-120
4.6
2020-01-28 CVE-2020-5209 Classic Buffer Overflow vulnerability in Nethack
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.
local
low complexity
nethack CWE-120
4.6
2019-12-19 CVE-2019-19905 Classic Buffer Overflow vulnerability in Nethack
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files.
network
low complexity
nethack CWE-120
7.5