CVE-2023-24809

NetHack: NetHack Call command buffer overflow

Severity: High
Affected versions: 3.6.2 through 3.6.6
First Patched Version: 3.6.7

Basic Information:
Using the Call (C) command with a very long string can cause a buffer overflow.

This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash.

Users are encouraged to upgrade as soon as possible.

Additional information related to this advisory, if any, will be made available at https://nethack.org/security.
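A triage check for the conditions described above, added here as an example and not part of the NetHack advisory or source: it classifies an install by the affected version range (3.6.2 through 3.6.6) and by whether the binary carries a setuid or setgid bit. The function names are hypothetical, and the binary path and version string are assumed to be supplied by the operator.

```shell
#!/bin/sh
# Added example: triage a NetHack install against CVE-2023-24809.
# Function names are hypothetical; path and version come from the operator.

# Return 0 if version $1 is in the advisory's affected range 3.6.2 - 3.6.6.
nethack_version_affected() {
    nh_ver=$1
    case $nh_ver in
        3.6.*) nh_patch=${nh_ver#3.6.} ;;
        *) return 1 ;;                      # outside the 3.6.x line the advisory lists
    esac
    case $nh_patch in
        ''|*[!0-9]*) return 1 ;;            # not a plain number, e.g. "3.6.x"
    esac
    [ "$nh_patch" -ge 2 ] && [ "$nh_patch" -le 6 ]
}

# Return 0 if $1 is a regular file with the setuid or setgid bit set.
has_suid_or_sgid() {
    [ -f "$1" ] && { [ -u "$1" ] || [ -g "$1" ]; }
}

# Print a verdict for binary path $1 and version string $2:
#   not-affected         version outside 3.6.2 - 3.6.6
#   affected             crash risk; upgrade to 3.6.7
#   affected-privileged  suid/sgid install; upgrade first
triage_nethack() {
    if ! nethack_version_affected "$2"; then
        echo "not-affected"
    elif has_suid_or_sgid "$1"; then
        echo "affected-privileged"
    else
        echo "affected"
    fi
}

# Stand-alone use: sh triage.sh /path/to/nethack 3.6.6
if [ "$#" -eq 2 ]; then
    triage_nethack "$1" "$2"
fi
```
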


Timeline:
16-Feb-2023 Fixed version 3.6.7 released.
01-Jan-2023 Bug reported.


Acknowledgements:
The NetHack Development Team gratefully acknowledges Keith Simpson for discovering this issue and for responsibly reporting it.


Revision History:
16-Feb-2023 Initial Version.


NetHack is Copyright 1985-2023 by Stichting Mathematisch Centrum and M. Stephenson. See our license for details.
This site is Copyright 1999-2023 by Kenneth Lorber, Kensington, Maryland.