Affected versions: 3.6.2 through 3.6.6
First Patched Version: 3.6.7
Using the Call (C) command with a very long string can cause a buffer overflow.
This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash.
Users are encouraged to upgrade as soon as possible.
Additional information related to this advisory, if any, will be made available at https://nethack.org/security.
16-Feb-2023 Fixed version 3.6.7 released.
01-Jan-2023 Bug reported.
Hosted courtesy of alt.org.
NetHack is Copyright 1985-2023 by Stichting Mathematisch Centrum
and M. Stephenson. See
our license for details.
This site is Copyright 1999-2023 by Kenneth Lorber, Kensington, Maryland.