Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow
Vulnerability Description
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Vulnerability Title
NetHack 缓冲区错误漏洞
Vulnerability Description
NetHack是一款角色扮演类单人游戏。 NetHack 3.6.5之前版本中的AUTOCOMPLETE配置文件选项存在缓冲区错误漏洞。远程攻击者可借助特制请求利用该漏洞导致拒绝服务或提升权限。
CVSS Information
N/A
Vulnerability Type
N/A