CVE-2020-11722

moderate-risk
Published 2020-04-12

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.

Do I need to act?

3.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Fix available
Upgrade to: 8acddc3725aae90e61d3734f2048c9c77819ccc5, 768f60da87a3fa0b5561da5ade9309577c176d04, fc522ff6eb1bbb85e3de60c60a45762571e48c28
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Dungeon Crawl Stone Soup
44 / 100 · moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal