CVE-2020-5209
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-5209
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-5209.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-5209
- Downstream
- Related
- Published
- 2020-01-28T18:15:11Z
- Modified
- 2025-10-15T12:19:39.147421Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
- References
Affected packages
Git / github.com/nethack/nethack
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nethack/nethack
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
MOVE2GIT
NetHack-3.*
NetHack-3.6.0_RC01
NetHack-3.6.0_RC02
NetHack-3.6.0_RC03
NetHack-3.6.0_RC04
NetHack-3.6.0_RC05
NetHack-3.6.0_Release
NetHack-3.6.1_RC01
NetHack-3.6.1_Release
NetHack-3.6.2_Release
NetHack-3.6.2_Released
NetHack-3.6.3.beta1.2019.11.17
NetHack-3.6.3.wip.2019.10.29
NetHack-3.6.3.wip.2019.10.30
NetHack-3.6.3.wip.2019.11.04
NetHack-3.6.3_Released
NetHack-3.6.3_WIP
NetHack-3.6.4_Released
v3.*
v3.6.3.757eca7
v3.6.3.wip.2019.10.29
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"id": "CVE-2020-5209-43e29dc6",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "sys/unix/unixmain.c"
},
"source": "https://github.com/nethack/nethack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77",
"digest": {
"threshold": 0.9,
"line_hashes": [
"310830547162893224554599239014636806229",
"34018820599253730327709495934594299296",
"317225028476795745372107821617322743833",
"129609102664991773702097279054587424331",
"45378429732371276794293173907064817784",
"241454483409671680544040774729902404698",
"149353208139140988394970222965860121246",
"53005647659553145399784742355349458457",
"279442050954566056719610912906832870671",
"32054647461642218857189089395108982167",
"235111810993396765755956616487926850976",
"45378429732371276794293173907064817784",
"241454483409671680544040774729902404698",
"164566155690431377469522275781391668811",
"286170278300611490354691993875451927576",
"75407180318704451699303769443305508093",
"303014031863806519995615049820224845999"
]
}
},
{
"signature_version": "v1",
"id": "CVE-2020-5209-ac76e6ec",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/windows.c"
},
"source": "https://github.com/nethack/nethack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77",
"digest": {
"threshold": 0.9,
"line_hashes": [
"237238631063296251006144018346673050574",
"41567080869605892763766933027668991111",
"321500404367367614574791705014071388786",
"32480354964781786051202560298652743524",
"121849526889383195702811084542056977169",
"316478146209911481076334286682992552367",
"126436293461250905056760455306129061267",
"195068358581375276627708135070540722944",
"197312668687739141795870205028744559684",
"17406290654842088973518909861769966865",
"254415618829491615975835525967253343944",
"125978380080712942028817202667769445249",
"3923122635708738405805642073433724736",
"316294812572794505879779794798027619718"
]
}
}
]