CVE-2020-5253
LOWNetHack < 3.6.0 - Arbitrary Code Execution via Configuration File Escape Sequence
Title source: llmDescription
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m
Patch, Third Party Advisory x_refsource_misc
https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8
Scores
CVSS v3
3.9
EPSS
0.0054
EPSS Percentile
41.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-184
CWE-269
Status
published
Products (1)
nethack/nethack
< 3.6.0
Published
Mar 10, 2020
Tracked Since
Feb 18, 2026