CVE-2020-5212

Name of the Vulnerable Software and Affected Versions NetHack versions prior to 3.6.5

Description The issue is caused by an extremely long value for the MENUCOLOR configuration file option, which can result in a buffer overflow. This can lead to a crash or remote code execution/privilege escalation. It affects systems with NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.

Recommendations For versions prior to 3.6.5, upgrade to NetHack 3.6.5 to resolve the issue. As a temporary workaround, consider restricting the ability for users to upload their own configuration files to minimize the risk of exploitation.