CVE-2020-5253

Critical

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be…

GitHub_M·CWE-184·Published 2020-03-10

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

187 chars

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.

NVDen

187 chars

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.

NetHack versiones anteriores a la versión 3.6.0, permitía el uso malicioso del escape de caracteres en el archivo de configuración (comúnmente .nethackrc) que podría ser explotado. Este error está parcheado en NetHack 3.6.0.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	3.9	—	—	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
3.1	Primary	cve.org	3.9	—	—	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
3.1	Secondary	NVD	3.9	0.8	2.7	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N