CVE-2023-24809 in NetHack

Summary

by MITRE • 02/17/2023

NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds.


Analysis

by VulDB Data Team • 02/18/2023

CVE-2023-24809 affects NetHack, the classic single-player dungeon exploration game, in versions 3.6.2 through 3.6.6. The flaw is a buffer overflow triggered when a user supplies illegal input to the "C" (call) command in the game interface. It falls under CWE-121 (stack-based buffer overflow): insufficient bounds checking lets the input overwrite adjacent memory. The overflow occurs during command processing, when a user-provided string exceeds the capacity of the buffer allocated for it.

The impact goes beyond a simple game crash on systems where NetHack is installed setuid/setgid. When NetHack runs with elevated privileges, the overflow could potentially be exploited to execute arbitrary code, which makes the issue most dangerous in multi-user environments, where it offers a path to privilege escalation. Even where NetHack runs with ordinary user permissions, the crash can be used for denial of service, disrupting gameplay and potentially affecting system stability. The fix in NetHack 3.6.7 indicates that bounds checking and input validation were added to prevent memory corruption during command processing.

From a cybersecurity perspective, this vulnerability maps to ATT&CK techniques T1068 (Exploitation for Privilege Escalation) and T1499 (Endpoint Denial of Service). It is a significant concern for administrators of shared computing environments where NetHack may be installed with elevated privileges: exploitation requires minimal user interaction, since the trigger is an ordinary gameplay command. The risk is greatest where multiple users share a system and the game runs with elevated permissions. Because there are no known workarounds, a vulnerable installation cannot be used safely; the only remedy is to upgrade to a patched version. Security policies should therefore mandate prompt patching on every system where NetHack is installed, particularly multi-user or shared hosts.
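As an added example, not part of the VulDB record or the NetHack project: a POSIX shell check an administrator can run to see whether an installed NetHack falls in the affected range (3.6.2 up to but not including 3.6.7) and whether it carries the suid/sgid bits the summary flags. It assumes the installed build prints its version in response to `nethack --version`; adjust the version lookup if your packaging differs.

```shell
#!/bin/sh
# Added illustration (not VulDB's or NetHack's own code): a defender-side check
# for CVE-2023-24809 exposure. A binary is affected when its version is in the
# range 3.6.2 <= v < 3.6.7; the suid/sgid bits decide whether a crash is merely
# a denial of service or a privilege-boundary concern.

# is_affected_version "X.Y.Z" -> exit status 0 when 3.6.2 <= X.Y.Z < 3.6.7
is_affected_version() {
    IFS=. read -r major minor patch <<EOF
$1
EOF
    patch=${patch%%[!0-9]*}                # tolerate suffixes such as "3.6.6-2"
    [ "$major" = 3 ] && [ "$minor" = 6 ] || return 1
    [ "${patch:-0}" -ge 2 ] && [ "${patch:-0}" -lt 7 ]
}

# is_privileged PATH -> exit status 0 when the file carries setuid or setgid
is_privileged() {
    [ -u "$1" ] || [ -g "$1" ]
}

# assess PATH VERSION -> prints NOT_AFFECTED, AFFECTED or AFFECTED+PRIVILEGED
assess() {
    if is_affected_version "$2"; then
        if is_privileged "$1"; then echo "AFFECTED+PRIVILEGED"; else echo "AFFECTED"; fi
    else
        echo "NOT_AFFECTED"
    fi
}

# Stand-alone run: inspect whatever nethack is on PATH. The version is read from
# "nethack --version" (assumed to be supported; adjust for your packaging).
if bin=$(command -v nethack 2>/dev/null); then
    ver=$("$bin" --version 2>/dev/null |
          sed -n 's/.*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)
    echo "$bin (version ${ver:-unknown}): $(assess "$bin" "${ver:-0.0.0}")"
else
    echo "nethack not found on PATH; nothing to assess"
fi
```

An AFFECTED+PRIVILEGED result is the case the summary singles out; AFFECTED alone still warrants the upgrade because of the crash.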

Responsible

GitHub, Inc.

Reservation

01/30/2023

Disclosure

02/17/2023

Moderation

accepted

CPE

ready

EPSS

0.00050

KEV

no

Activities

very low
