NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "nethack-common", "binary_version": "3.6.0-4" }, { "binary_name": "nethack-common-dbgsym", "binary_version": "3.6.0-4" }, { "binary_name": "nethack-console", "binary_version": "3.6.0-4" }, { "binary_name": "nethack-console-dbgsym", "binary_version": "3.6.0-4" }, { "binary_name": "nethack-lisp", "binary_version": "3.6.0-4" }, { "binary_name": "nethack-lisp-dbgsym", "binary_version": "3.6.0-4" }, { "binary_name": "nethack-x11", "binary_version": "3.6.0-4" }, { "binary_name": "nethack-x11-dbgsym", "binary_version": "3.6.0-4" } ] }