VDB

GCVE-110-MAGEIA-2021-77

GCVE-110-MAGEIA-2021-77
Advisory Published
Vulnetix · Advisory published February 10, 2021
Updated nethack packages fix security vulnerabilities: NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files (CVE-2019-19905). In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options (CVE-2020-5209). In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options (CVE-2020-5210). In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5211). In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5212). In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5213). In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5214). In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited (CVE-2020-5254). The nethack package has been updated to version 3.6.6, fixing these issues and other bugs. See the upstream release notes for details.

Affected Products

VendorProductVersionsPlatforms
Mageianethack3.6.6-1.mga7 (unaffected), 0 (affected), 3.6.6-1.mga7 (unaffected), 0 (affected)
Mageiaphp0 (affected), 8.0.3-1.1.mga8 (unaffected)

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›