CVE-2023-24809

EPSS 0.05%
Published 17.02.2023 20:15:12
Last modified 21.11.2024 07:48:26
Source security-advisories@github.com
Teams watchlist Login
Open Login

NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Nethack ≫ Nethack Version >= 3.6.2 < 3.6.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.131

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch

Vendor Advisory

https://nethack.org/security/CVE-2023-24809.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-24809

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24809

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24809

EUVD