CVE-2020-11722
- Source
- https://cve.org/CVERecord?id=CVE-2020-11722
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11722.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-11722
- Downstream
- Related
- Published
- 2020-04-12T19:15:10.427Z
- Modified
- 2026-02-02T06:01:07.535828Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QLPN635S7J3MUXLIHYK6MDAHEIASFYP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNXK7QE7EA7XSDDNOWX2A6MJNWOIYCTC/
- https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
- https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
- https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
- https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
- https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
- https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
Affected packages
Git / github.com/crawl/crawl
Affected ranges
- Type
- GIT
- Repo
- https://github.com/crawl/crawl
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.10-a0
0.10-b1
0.11-a0
0.11-b1
0.12-a0
0.12-b1
0.13-a0
0.13-b1
0.14-a0
0.14-b1
0.15-a0
0.15-b1
0.16-a0
0.16-b1
0.17-a0
0.18-a0
0.18-b1
0.19-a0
0.19-b1
0.2-a0
0.20-a0
0.20-b1
0.21-a0
0.21-b1
0.22-a0
0.22-b1
0.23-a0
0.23-b1
0.24-a0
0.24-b1
0.25-a0
0.3-a0
0.4-a0
0.5-a0
0.6.0
0.6.0-a0
0.6.0-a1
0.6.0-a2
0.6.0-rc1
0.6.0-rc2
0.6.0-rc3
0.6.0-rc4
0.6.0.1
0.7.0-a0
0.7.0-a1
0.8.0-a0
0.8.0-a1
0.9-a1
0.9-b1
0.9.0-a0
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11722.json"
vanir_signatures
[
{
"source": "https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04",
"target": {
"file": "crawl-ref/source/clua.cc",
"function": "CLua::init_libraries"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11722-3aaeb4ab",
"signature_type": "Function",
"digest": {
"function_hash": "155301891872233335968417152562248788726",
"length": 930.0
}
},
{
"source": "https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04",
"target": {
"file": "crawl-ref/source/clua.cc"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11722-a8a19d55",
"signature_type": "Line",
"digest": {
"line_hashes": [
"279712834201598416094069012214363501699",
"88454257160190083554210107815608875548",
"267913134872647750431298162085052504665",
"98742457370042597015539441291944207831",
"335136016019403486511847926740572007609",
"5092986311877863069950426492060186514"
],
"threshold": 0.9
}
}
]