NetHack 3.6.5 is the 35th public release of NetHack. It was released on 27th January 2020. This release fixes several security exploits that existed in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3 and 3.6.4, as well as some more minor bugs. There were no new gameplay features.
NetHack 3.6.5 is available from the official NetHack website.
Six major security exploits were fixed. They were all buffer overflows that could be triggered by parsing options in configuration options or the command line.
Other bug fixes include:
- fix accessing mons[-1] when trying to gate in a non-valid demon
- fix accessing mons[-1] when monster figures out if a tin cures stoning
- have string_for_opt() return empty_optstr on failure
- ensure existing callers of string_for_opt() check return value before using it
- use vsnprintf instead of vsprintf in pline.c where possible
- Windows: includes a fix from a 3.6.4 post-release update where OPTIONS=map_mode:fit_to_screen could cause a game start failure
- Windows: users with C-locale unmappable names could get game start failure