Vulnerability Description
NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nethack | Nethack | >= 3.6.2, < 3.6.7 |
Related Weaknesses (CWE)
References
- https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgchVendor Advisory
- https://nethack.org/security/CVE-2023-24809.htmlVendor Advisory
- https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgchVendor Advisory
- https://nethack.org/security/CVE-2023-24809.htmlVendor Advisory
FAQ
What is CVE-2023-24809?
CVE-2023-24809 is a vulnerability with a CVSS score of 5.5 (MEDIUM). NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack p...
How severe is CVE-2023-24809?
CVE-2023-24809 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-24809?
Check the references section above for vendor advisories and patch information. Affected products include: Nethack Nethack.