CRITICAL9.8
Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html
- https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
- https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
- https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QLPN635S7J3MUXLIHYK6MDAHEIASFYP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNXK7QE7EA7XSDDNOWX2A6MJNWOIYCTC/
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html
- https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
- https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
- https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QLPN635S7J3MUXLIHYK6MDAHEIASFYP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNXK7QE7EA7XSDDNOWX2A6MJNWOIYCTC/