CVE-2020-5253

LOW

NetHack <3.6.0 - Code Injection

Title source: llm

Description

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.

References (2)

[Patch, Third Party Advisory] https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8

[Third Party Advisory] https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m

Scores

CVSS v3 3.9

EPSS 0.0010

EPSS Percentile 27.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-184 CWE-269

Status published

Affected Products (1)

nethack/nethack < 3.6.0

Timeline

Published Mar 10, 2020

Tracked Since Feb 18, 2026