CVE-2020-5209

Name of the Vulnerable Software and Affected Versions NetHack versions prior to 3.6.5

Description The issue is caused by unknown options starting with -de and -i that can lead to a buffer overflow, resulting in a crash or remote code execution/privilege escalation. This affects systems with NetHack installed suid/sgid and shared systems where users can influence command line options.

Recommendations For versions prior to 3.6.5, upgrade to NetHack 3.6.5 to resolve the issue. As a temporary workaround, consider restricting the use of unknown command line options starting with -de and -i to minimize the risk of exploitation.