Privilege escalation in NetHack

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

不完整的黑名单

NetHack 安全漏洞

NetHack是一款角色扮演类单人游戏。 NetHack 3.6.0之前版本中存在安全漏洞。攻击者可利用该漏洞在配置文件中对字符进行恶意的转义，进而提升权限。

N/A

N/A