In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
{ "binaries": [ { "binary_name": "nethack-common", "binary_version": "3.4.3-15build1" }, { "binary_name": "nethack-console", "binary_version": "3.4.3-15build1" }, { "binary_name": "nethack-lisp", "binary_version": "3.4.3-15build1" }, { "binary_name": "nethack-x11", "binary_version": "3.4.3-15build1" } ] }