{"id":"CVE-2020-5212","details":"In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.","aliases":["GHSA-g89f-m829-4m56"],"modified":"2026-05-18T18:04:58.087322Z","published":"2020-01-28T18:15:11.337Z","references":[{"type":"ADVISORY","url":"https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nethack/nethack","events":[{"introduced":"0"},{"fixed":"514682730773318f68d5b28b0428cfe333f92fe0"}],"database_specific":{"cpe":"cpe:2.3:a:nethack:nethack:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"3.6.5"}],"source":"CPE_FIELD"}}],"versions":["NetHack-3.6.4_Released","NetHack-3.6.3_Released","NetHack-3.6.3.beta1.2019.11.17","NetHack-3.6.3.wip.2019.10.30","v3.6.3.wip.2019.10.29","NetHack-3.6.3.wip.2019.10.29","v3.6.3.757eca7","NetHack-3.6.3_WIP","NetHack-3.6.2_Released","NetHack-3.6.2_Release","NetHack-3.6.1_Release","NetHack-3.6.1_RC01","NetHack-3.6.0_Release","NetHack-3.6.0_RC05","NetHack-3.6.0_RC04","NetHack-3.6.0_RC03","NetHack-3.6.0_RC02","NetHack-3.6.0_RC01","MOVE2GIT"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-5212.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}