Note:
This project will be discontinued after December 13, 2021. [more]
2020-03-10
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.
| Products | Nethack |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Links | https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9 |