NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
{ "vanir_signatures": [ { "target": { "file": "win/win32/winhack.c" }, "digest": { "line_hashes": [ "312269647539887670774664032978877969594", "203008790340323208233340850392220376819", "235844713220841089302372100555199115686", "164687583317955788998839275239003419194" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/nethack/nethack/commit/585e9f1b35fda7b47f8d27d12f7e93e12a69a7bc", "id": "CVE-2020-5253-2acee0cf", "signature_type": "Line", "deprecated": false }, { "target": { "file": "win/win32/winhack.c", "function": "WinMain" }, "digest": { "length": 3716.0, "function_hash": "4858587609181367127297299164415663259" }, "signature_version": "v1", "source": "https://github.com/nethack/nethack/commit/585e9f1b35fda7b47f8d27d12f7e93e12a69a7bc", "id": "CVE-2020-5253-788f2728", "signature_type": "Function", "deprecated": false } ] }