CVE-2003-0358

nethack <3.4.0 & falconseye <1.9.3 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 6 public exploits for CVE-2003-0358. PoCs published by tsao@efnet, [email protected], fengjixuchui.

AI-analyzed exploit summary: This exploit leverages a buffer overflow vulnerability in nethack (CVE-2003-0358) by passing an overly large string to corrupt memory and execute arbitrary shellcode. The shellcode is designed to spawn a shell, potentially allowing privilege escalation if nethack is setgid 'games'.

Description

Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.

Exploits (6)

exploitdb · Working PoC · Verified
by tsao@efnet · perl · local · linux
https://www.exploit-db.com/exploits/22235

This exploit leverages a buffer overflow vulnerability in nethack (CVE-2003-0358) by passing an overly large string to corrupt memory and execute arbitrary shellcode. The shellcode is designed to spawn a shell, potentially allowing privilege escalation if nethack is setgid 'games'.

Classification: Working PoC 95%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: nethack (and variants like slashem, jnethack, falconseye)
Authentication: none needed
Prerequisites: nethack installed on the target system · ability to execute nethack with a crafted argument
Analyzed by devstral-2, Feb 16, 2026
exploitdb · Working PoC · Verified
by [email protected] · c · local · linux
https://www.exploit-db.com/exploits/22234

This exploit leverages a buffer overflow in Nethack 3.4.0 by passing an overly large string to corrupt memory and execute arbitrary shellcode. The PoC demonstrates privilege escalation to the 'games' group via a setgid binary.

Classification: Working PoC 95%
Attack type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Nethack 3.4.0
Authentication: none needed
Prerequisites: Nethack 3.4.0 installed with setgid 'games' · local access to the target system
Analyzed by devstral-2, Feb 16, 2026
exploitdb · Working PoC · Verified
by tsao@efnet · c · local · linux
https://www.exploit-db.com/exploits/22233

This exploit leverages a buffer overflow in nethack (CVE-2003-0358) by passing an overly large string to corrupt memory and execute arbitrary shellcode. The shellcode spawns a shell, potentially allowing privilege escalation if nethack is setgid 'games'.

Classification: Working PoC 95%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: nethack (and variants like slashem, jnethack, falconseye)
Authentication: none needed
Prerequisites: nethack installed (preferably setgid 'games') · ability to execute nethack with a long argument
Analyzed by devstral-2, Feb 16, 2026
nomisec · Working PoC
by fengjixuchui · poc
https://github.com/fengjixuchui/CVE-2003-0358

This repository contains functional exploit code for CVE-2003-0358, a buffer overflow vulnerability in Nethack 3.4.0 and earlier. The exploit leverages a long -s command line option to execute arbitrary shellcode, achieving local privilege escalation.

Classification: Working PoC 100%
Attack type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Nethack 3.4.0 and earlier, Falconseye 1.9.3 and earlier
Authentication: none needed
Prerequisites: local access to the target system · Nethack or Falconseye installed in a vulnerable version
Analyzed by devstral-2, Feb 18, 2026
nomisec · Working PoC
by gmh5225 · poc
https://github.com/gmh5225/CVE-2003-0358

This repository contains functional exploit code for CVE-2003-0358, a buffer overflow vulnerability in Nethack 3.4.0 and earlier. The exploit leverages a long -s command line option to execute arbitrary shellcode, demonstrating local privilege escalation.

Classification: Working PoC 100%
Attack type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Nethack 3.4.0 and earlier, Falconseye 1.9.3 and earlier
Authentication: none needed
Prerequisites: local access to the target system · presence of a vulnerable Nethack or Falconseye installation
Analyzed by devstral-2, Feb 18, 2026
inthewild · Working PoC
poc
https://github.com/snowcra5h/cve-2003-0358

This repository contains functional exploit code for CVE-2003-0358, a buffer overflow vulnerability in Nethack 3.4.0 and earlier, and Falcon's Eye 1.9.3 and earlier. The exploit leverages a long -s command line option to execute arbitrary shellcode, achieving local privilege escalation.

Classification: Working PoC 100%
Attack type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Nethack 3.4.0 and earlier, Falcon's Eye 1.9.3 and earlier
Authentication: none needed
Prerequisites: local access to the target system · presence of a vulnerable Nethack or Falcon's Eye installation
Analyzed by devstral-2, Feb 23, 2026

References (6)

Third Party Advisory [vendor-advisory, x_refsource_debian]: http://www.debian.org/security/2003/dsa-350
Third Party Advisory [vendor-advisory, x_refsource_debian]: http://www.debian.org/security/2003/dsa-316
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_xf]: https://exchange.xforce.ibmcloud.com/vulnerabilities/11283
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/6806
Exploit, Third Party Advisory, VDB Entry [mailing-list, x_refsource_bugtraq]: http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0
Patch, Third Party Advisory [x_refsource_confirm]: http://nethack.sourceforge.net/v340/bugmore/secpatch.txt

Scores

EPSS: 0.0023
EPSS percentile: 45.8%

Details

CWE: CWE-120
Status: published
Products (4):
debian/debian_linux 2.2
debian/debian_linux 3.0
falconseye_project/falconseye < 1.9.3
nethack/nethack < 3.4.0
Published: Jun 09, 2003
Tracked since: Feb 18, 2026