NetHack 3.6.6

From NetHackWiki
Jump to navigation Jump to search

NetHack 3.6.6 is the 36th public release of NetHack. It was released on March 8th, 2020. This release fixes a security vulnerability that existed in versions 3.6.1, 3.6.2, 3.6.3, 3.6.4 and 3.6.5, as well as some more minor bugs. There were no new gameplay features.[1]

Availablity

Nethack 3.6.6 is available from the official NetHack website.

Significant changes

This release fixes CVE-2020-5254.[2] As with the security bugs fixed in 3.6.4 and 3.6.5, this bug was reported to the DevTeam by security researcher David Mendenhall, who also explained that the bug can be used to glitch the game.[3]

There were some other changes[4]:

  • Formatting corpse names used internal buffers differently from formatting other objects and could potentially clobber memory
  • Avoid divide by 0 crash if 'bogusmon' (file of bogus monster types) is empty
  • Avoid #wizrumorcheck crash if either 'rumors.tru' or 'rumors.fal' or both were empty when makedefs built 'rumors'
  • Avoid "'s glorkum pass harmlessly through the shade" for weaponless monsters

References