VDB
CVE-2020-11722
CVE-2020-11722
PUBLISHED
Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.
EPSS 3.64% · 88.1th percentile
Risk Scores
EPSS Score
3.64%
88.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | crawl | 0, 2:0.20.1-1, 2:0.21.0-1 |
| Ubuntu:Pro:20.04:LTS | crawl | 0, 2:0.23.2-1, 2:0.24.0-1 |
| Ubuntu:Pro:16.04:LTS | crawl | 0, 2:0.16.1-1, 2:0.16.2-1 |
Exploit Intelligence
- https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html (circl)
- https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04 (circl)
- https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28 (circl)
- openSUSE-SU-2020:0549 (circl)
- FEDORA-2020-c976cfa87e (circl)
- FEDORA-2020-de88782eaa (circl)
Timeline
- Apr 12, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-11722 third-party-advisory
- https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html third-party-advisory
- https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04 third-party-advisory
- https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-11722 third-party-advisory
- https://ubuntu.com/security/notices/USN-7969-1 vendor-advisory