#VU31988 Buffer overflow in NetHack - CVE-2019-19905

Cybersecurity Help s.r.o.

Published: 2019-12-19 | Updated: 2020-07-28

Vulnerability identifier: #VU31988

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-19905

CWE-ID: CWE-120

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
NetHack
Client/Desktop applications / Games

Vendor: The NetHack DevTeam

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.

Mitigation
Install update from vendor's website.

Vulnerable software versions

NetHack: 3.6.0 - 3.6.3

External links
https://bugs.debian.org/947005
https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226
https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5
https://nethack.org/security/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Buffer overflow in nethack (Alpine package)

Buffer overflow in NetHack