CVE-2023-24809

NetHack: NetHack Call command buffer overflow

Severity: High
Affected versions: 3.6.2 through 3.6.6
First Patched Version: 3.6.7

Basic Information:
Using the Call (C) command with a very long string can cause a buffer overflow.

This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash.

Users are encouraged to upgrade as soon as possible.

Additional information related to this advisory, if any, will be made available at https://nethack.org/security.
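
As a triage aid for the conditions described above (an added example, not code from the NetHack Development Team), the shell functions below classify an install from its version string and the setuid/setgid bits on its binary. The function names and result labels are assumptions of this example, and the binary path and version are supplied by the caller.

```shell
#!/bin/sh
# Added example: triage helper for CVE-2023-24809 (not NetHack project code).
# Function names and result labels are assumptions made for this example.

# Exit 0 if VERSION is in the advisory's affected range (3.6.2 through 3.6.6),
# 1 if it is outside the range, 2 if it is not a MAJOR.MINOR.PATCH string.
version_affected() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split "3.6.4" into "3" "6" "4"
    IFS=$old_ifs
    [ "$#" -eq 3 ] || return 2
    [ "$1" -eq 3 ] && [ "$2" -eq 6 ] && [ "$3" -ge 2 ] && [ "$3" -le 6 ]
}

# Exit 0 if FILE is a regular file with the setuid or setgid bit set.
is_privileged() {
    [ -f "$1" ] && { [ -u "$1" ] || [ -g "$1" ]; }
}

# Print one label for the install at FILE reporting VERSION.
triage() {
    rc=0
    version_affected "$2" || rc=$?
    case "$rc" in
        0) if is_privileged "$1"; then
               echo "affected-privileged"   # suid/sgid: security issue per advisory
           else
               echo "affected"              # process crash; also check shared use
           fi ;;
        1) echo "not-affected" ;;
        *) echo "unknown-version" ;;
    esac
}

# Stand-alone use: sh triage.sh /path/to/nethack 3.6.4
if [ "$#" -eq 2 ]; then
    triage "$1" "$2"
fi
```

A result of affected-privileged corresponds to the suid/sgid case the advisory singles out; for every affected result the remedy is the upgrade to 3.6.7.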


Timeline:
16-Feb-2023 Fixed version 3.6.7 released.
01-Jan-2023 Bug reported.


Acknowledgements:
The NetHack Development Team gratefully acknowledges Keith Simpson for discovering this issue and for responsibly reporting it.


Revision History:
16-Feb-2023 Initial Version.