CVE-2020-11722

Published: Apr 12, 2020Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.

Affected (1)

Products: Dungeon Crawl Stone Soup Project: Dungeon Crawl Stone Soup

Dungeon Crawl Stone Soup Project

1 product

Dungeon Crawl Stone Soup

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dungeon Crawl Stone Soup Project Dungeon Crawl Stone Soup	Before 0.25

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (12)

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html

Source: cve@mitre.org

https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QLPN635S7J3MUXLIHYK6MDAHEIASFYP/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNXK7QE7EA7XSDDNOWX2A6MJNWOIYCTC/

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html