CVE-2020-5212 (NVD)

2020-01-28

In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.

Products Nethack
Type Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
First patch - None (likely due to unavailable code)
Links https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56