Nhkeni

**Name of the Vulnerable Software and Affected Versions** NetHack versions prior to 3.6.0 **Description** The issue allows malicious use of escaping of characters in the configuration file, usually .nethackrc, which could be exploited. **Recommendations** For versions prior to 3.6.0, update to NetHack 3.6.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NetHack versions prior to 3.6.6 **Description** The issue concerns out-of-bound values for the `hilite status` option that can be exploited. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 3.6.6, update to version 3.6.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NetHack versions prior to 3.6.5 **Description** The issue is caused by an invalid extended command in the value for the AUTOCOMPLETE configuration file option, leading to a buffer overflow. This can result in a crash or remote code execution/privilege escalation. It affects systems with NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. **Recommendations** For versions prior to 3.6.5, upgrade to NetHack 3.6.5 to resolve the issue. As a temporary workaround, consider restricting access to the AUTOCOMPLETE configuration file option to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NetHack versions prior to 3.6.5 **Description** The issue is caused by an extremely long value for the `MENUCOLOR` configuration file option, which can result in a buffer overflow. This can lead to a crash or remote code execution/privilege escalation. It affects systems with NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. **Recommendations** For versions prior to 3.6.5, upgrade to NetHack 3.6.5 to resolve the issue. As a temporary workaround, consider restricting the ability for users to upload their own configuration files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NetHack versions prior to 3.6.5 **Description** The issue is caused by unknown options starting with `-de` and `-i` that can lead to a buffer overflow, resulting in a crash or remote code execution/privilege escalation. This affects systems with NetHack installed suid/sgid and shared systems where users can influence command line options. **Recommendations** For versions prior to 3.6.5, upgrade to NetHack 3.6.5 to resolve the issue. As a temporary workaround, consider restricting the use of unknown command line options starting with `-de` and `-i` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NetHack versions prior to 3.6.5 **Description** The issue is caused by detecting an unknown configuration file option, which can result in a buffer overflow. This can lead to a crash or remote code execution/privilege escalation. It affects systems with NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. **Recommendations** For versions prior to 3.6.5, upgrade to NetHack 3.6.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NetHack versions prior to 3.6.5 **Description** The issue is caused by a buffer overflow resulting from too long of a value for the `SYMBOL` configuration file option, potentially leading to a crash or remote code execution/privilege escalation. This affects systems with NetHack installed suid/sgid and shared systems allowing users to upload their own configuration files. **Recommendations** For versions prior to 3.6.5, upgrade to NetHack 3.6.5 to resolve the issue. As a temporary workaround, consider restricting the ability for users to upload their own configuration files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NetHack versions prior to 3.6.5 **Description** The issue is caused by an invalid argument to the -w command line option, leading to a buffer overflow. This can result in a crash or remote code execution/privilege escalation. It affects systems with NetHack installed suid/sgid and shared systems where users can influence command line options. **Recommendations** For versions prior to 3.6.5, upgrade to NetHack 3.6.5 to resolve the issue. As a temporary workaround, consider restricting the use of the -w command line option to minimize the risk of exploitation.