CVE-2020-5213

Name of the Vulnerable Software and Affected Versions NetHack versions prior to 3.6.5

Description The issue is caused by a buffer overflow resulting from too long of a value for the SYMBOL configuration file option, potentially leading to a crash or remote code execution/privilege escalation. This affects systems with NetHack installed suid/sgid and shared systems allowing users to upload their own configuration files.

Recommendations For versions prior to 3.6.5, upgrade to NetHack 3.6.5 to resolve the issue. As a temporary workaround, consider restricting the ability for users to upload their own configuration files to minimize the risk of exploitation.