Vulnerability Description
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nethack | Nethack | >= 3.6.0, < 3.6.4 |
Related Weaknesses (CWE)
References
- https://bugs.debian.org/947005Issue TrackingPatchThird Party Advisory
- https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94bPatch
- https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef2Patch
- https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5Third Party Advisory
- https://nethack.org/security/Vendor Advisory
- https://bugs.debian.org/947005Issue TrackingPatchThird Party Advisory
- https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94bPatch
- https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef2Patch
- https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5Third Party Advisory
- https://nethack.org/security/Vendor Advisory
FAQ
What is CVE-2019-19905?
CVE-2019-19905 is a vulnerability with a CVSS score of 9.8 (CRITICAL). NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared sys...
How severe is CVE-2019-19905?
CVE-2019-19905 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-19905?
Check the references section above for vendor advisories and patch information. Affected products include: Nethack Nethack.