CVE-2020-11722

critical

Description

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNXK7QE7EA7XSDDNOWX2A6MJNWOIYCTC/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QLPN635S7J3MUXLIHYK6MDAHEIASFYP/

https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28

https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04

https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html

Details

Source: Mitre, NVD

Published: 2020-04-12

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics