CVE-2020-11722 - OpenCVE

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dungeon Crawl Stone Soup Project	Dungeon Crawl Stone Soup

Configuration 1 [-]

cpe:2.3:a:dungeon_crawl_stone_soup_project:dungeon_crawl_stone_soup:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html
https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QLPN635S7J3MUXLIHYK6MDAHEIASFYP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNXK7QE7EA7XSDDNOWX2A6MJNWOIYCTC/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-12T18:59:46

Updated: 2024-08-04T11:41:58.147Z

Reserved: 2020-04-12T00:00:00

Link: CVE-2020-11722

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-12T19:15:10.427

Modified: 2023-11-07T03:15:02.973

Link: CVE-2020-11722

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-09T05:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28"}, {"name": "openSUSE-SU-2020:0549", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html"}, {"name": "FEDORA-2020-c976cfa87e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNXK7QE7EA7XSDDNOWX2A6MJNWOIYCTC/"}, {"name": "FEDORA-2020-de88782eaa", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QLPN635S7J3MUXLIHYK6MDAHEIASFYP/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-11722", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html", "refsource": "MISC", "url": "https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html"}, {"name": "https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04", "refsource": "MISC", "url": "https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04"}, {"name": "https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28", "refsource": "MISC", "url": "https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28"}, {"name": "openSUSE-SU-2020:0549", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html"}, {"name": "FEDORA-2020-c976cfa87e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNXK7QE7EA7XSDDNOWX2A6MJNWOIYCTC/"}, {"name": "FEDORA-2020-de88782eaa", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QLPN635S7J3MUXLIHYK6MDAHEIASFYP/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:41:58.147Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28"}, {"name": "openSUSE-SU-2020:0549", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html"}, {"name": "FEDORA-2020-c976cfa87e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNXK7QE7EA7XSDDNOWX2A6MJNWOIYCTC/"}, {"name": "FEDORA-2020-de88782eaa", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QLPN635S7J3MUXLIHYK6MDAHEIASFYP/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-11722", "datePublished": "2020-04-12T18:59:46", "dateReserved": "2020-04-12T00:00:00", "dateUpdated": "2024-08-04T11:41:58.147Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dungeon_crawl_stone_soup_project:dungeon_crawl_stone_soup:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF74FC80-D936-4ED3-875F-B6F92A1E1FCB", "versionEndExcluding": "0.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file."}, {"lang": "es", "value": "Dungeon Crawl Stone Soup (tambi\u00e9n se conoce como DCSS o crawl) versiones anteriores a 0.25, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del c\u00f3digo de bytes de Lua insertado en un archivo .crawlrc cargado."}], "id": "CVE-2020-11722", "lastModified": "2023-11-07T03:15:02.973", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-12T19:15:10.427", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QLPN635S7J3MUXLIHYK6MDAHEIASFYP/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNXK7QE7EA7XSDDNOWX2A6MJNWOIYCTC/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}