CVE-2020-5253

LOW

NetHack <3.6.0 - Code Injection

Title source: llm

Description

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.

References (2)

[Third Party Advisory] https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m

[Patch, Third Party Advisory] https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8

Scores

CVSS v3 3.9

EPSS 0.0021

EPSS Percentile 42.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-184 CWE-269

Status published

Products (1)

nethack/nethack < 3.6.0

Published Mar 10, 2020

Tracked Since Feb 18, 2026