DEBIAN-CVE-2020-5209

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2020-5209

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-5209.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-5209

Upstream

CVE-2020-5209

Published

2020-01-28T18:15:11Z

Modified

2025-09-19T06:16:45Z

Summary

[none]

Details

In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.

References

https://security-tracker.debian.org/tracker/CVE-2020-5209

Affected packages

Debian:11 / nethack

Package

Name: nethack
Purl: pkg:deb/debian/nethack?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.6-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / nethack

Package

Name: nethack
Purl: pkg:deb/debian/nethack?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.6-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / nethack

Package

Name: nethack
Purl: pkg:deb/debian/nethack?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.6-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / nethack

Package

Name: nethack
Purl: pkg:deb/debian/nethack?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.6-1

Ecosystem specific

{
    "urgency": "unimportant"
}