CVE-2020-11722

Опубликовано: 12 апр. 2020

Источник: debian

Описание

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
crawl	fixed	2:0.25.0-1		package
crawl	no-dsa		buster	package
crawl	no-dsa		stretch	package
crawl	no-dsa		jessie	package

Примечания

https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28

Связанные уязвимости

CVE-2020-11722

CVSS3: 9.8

ubuntu

почти 6 лет назад

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.

CVE-2020-11722

CVSS3: 9.8

nvd

почти 6 лет назад

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.

openSUSE-SU-2020:0549-1

suse-cvrf

почти 6 лет назад

Security update for crawl

GHSA-293j-rh9p-w2r8

github

больше 3 лет назад

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.