CVE-2019-19905

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-19905
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19905.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-19905
Downstream
Related
Published
2019-12-19T18:15:12Z
Modified
2025-09-19T10:57:38.469776Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.

References

Affected packages

Git / github.com/nethack/nethack

Affected ranges

Type
GIT
Repo
https://github.com/nethack/nethack
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
Fixed
f4a840a48f4bcf11757b3d859e9d53cc9d5ef226

Affected versions

Other

MOVE2GIT

NetHack-3.*

NetHack-3.6.0_RC01
NetHack-3.6.0_RC02
NetHack-3.6.0_RC03
NetHack-3.6.0_RC04
NetHack-3.6.0_RC05
NetHack-3.6.0_Release
NetHack-3.6.1_RC01
NetHack-3.6.1_Release
NetHack-3.6.2_Release
NetHack-3.6.2_Released
NetHack-3.6.3.beta1.2019.11.17
NetHack-3.6.3.wip.2019.10.29
NetHack-3.6.3.wip.2019.10.30
NetHack-3.6.3.wip.2019.11.04
NetHack-3.6.3_Released
NetHack-3.6.3_WIP

v3.*

v3.6.3.757eca7
v3.6.3.wip.2019.10.29

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "26961400313376108429921987578640899328",
                    "13198010897084917927445134827763789871",
                    "301660297847314158906968785346061189430",
                    "305364512567948852253197631201114623342",
                    "48135041025568776608930142938556586751",
                    "35228986595259396408271638364536354873",
                    "311424731610931539670844446726701228163",
                    "336997739704092229153841976868564076325",
                    "1897609516785154338923294080487339007",
                    "332372284303631247813861771839214444055",
                    "66159801133062218642847150427360569172",
                    "54546970892710300408899295710613259856",
                    "333388130237199819552198483958670175399",
                    "50946443806047556472667632790487523973",
                    "250727457770103261683033760717612742717",
                    "128182379615074142482727040696954110008",
                    "144408160085640486571022953468062618191",
                    "290501057356310795772825502409823155585",
                    "290992863102276924145757132850038097533",
                    "153150961289152042704493088656653711974",
                    "279795543691468206954057611899987833889",
                    "196077983847699537571137104472712850511",
                    "332452378490572381286775884918331708236",
                    "310287622283507457521787993113238323308",
                    "314529546056484968251247494416024801154",
                    "206339289586190838729620367865181311779",
                    "227602963386412199398419533756630284218",
                    "196805195529654038130795328704152591388",
                    "234860307265135649672215421452423321552",
                    "11094941029869456702831502437266640204",
                    "26139496897707473188171585183791514733",
                    "257014659270557530224795810044454823939",
                    "174063909781570399675394002348367771042",
                    "100692113801815488445166711921157125232",
                    "77659063208283810219549991776486221903",
                    "52823446101815831710242094852588069347"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/nethack/nethack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226",
            "signature_version": "v1",
            "id": "CVE-2019-19905-070f9c1f",
            "target": {
                "file": "src/files.c"
            },
            "signature_type": "Line",
            "deprecated": false
        },
        {
            "digest": {
                "line_hashes": [
                    "148383733785852221357013502342826007967",
                    "236825485053627463327810525715866187754",
                    "247962841106412913271293681928109696190",
                    "132038915628151169470867789690965346955",
                    "109237742000191090058096133844090657287"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/nethack/nethack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47",
            "signature_version": "v1",
            "id": "CVE-2019-19905-a8a22e62",
            "target": {
                "file": "src/files.c"
            },
            "signature_type": "Line",
            "deprecated": false
        }
    ]
}