{"id":"CVE-2020-11722","details":"Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.","modified":"2026-04-16T04:38:21.911533650Z","published":"2020-04-12T19:15:10.427Z","related":["openSUSE-SU-2020:0549-1","openSUSE-SU-2024:10698-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QLPN635S7J3MUXLIHYK6MDAHEIASFYP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNXK7QE7EA7XSDDNOWX2A6MJNWOIYCTC/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00037.html"},{"type":"FIX","url":"https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04"},{"type":"FIX","url":"https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28"},{"type":"FIX","url":"https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/crawl/crawl","events":[{"introduced":"0"},{"fixed":"8acddc3725aae90e61d3734f2048c9c77819ccc5"},{"fixed":"768f60da87a3fa0b5561da5ade9309577c176d04"},{"fixed":"fc522ff6eb1bbb85e3de60c60a45762571e48c28"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.25"}]}}],"versions":["0.10-b1","0.11-a0","0.11-b1","0.12-a0","0.12-b1","0.13-a0","0.13-b1","0.14-a0","0.14-b1","0.15-a0","0.15-b1","0.16-a0","0.16-b1","0.17-a0","0.18-a0","0.18-b1","0.19-a0","0.19-b1","0.2-a0","0.20-a0","0.20-b1","0.21-a0","0.21-b1","0.22-a0","0.22-b1","0.23-a0","0.23-b1","0.24-a0","0.24-b1","0.25-a0","0.25-b1","0.3-a0","0.4-a0","0.5-a0","0.6.0-a0","0.6.0-a1","0.7.0-a0","0.7.0-a1","0.8.0-a0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11722.json","vanir_signatures":[{"digest":{"length":1006,"function_hash":"38842432546403532419256997889162566012"},"id":"CVE-2020-11722-0c2c4cd1","target":{"file":"crawl-ref/source/clua.cc","function":"CLua::init_libraries"},"signature_version":"v1","source":"https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28","signature_type":"Function","deprecated":false},{"digest":{"line_hashes":["242294982595290994794940112147421089542","73658474637732568268189885060439385401","100249767034206904613240018645705743178","34499438060528928125176583532145209251","230099657110429893374369126530385979997","87598227297047635471108454250066084841","211767339932110962029517773644207930807"],"threshold":0.9},"id":"CVE-2020-11722-10fb36de","target":{"file":"crawl-ref/source/clua.cc"},"signature_version":"v1","source":"https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28","signature_type":"Line","deprecated":false},{"deprecated":false,"id":"CVE-2020-11722-3aaeb4ab","signature_version":"v1","target":{"file":"crawl-ref/source/clua.cc","function":"CLua::init_libraries"},"source":"https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04","signature_type":"Function","digest":{"length":930,"function_hash":"155301891872233335968417152562248788726"}},{"deprecated":false,"id":"CVE-2020-11722-597a1b11","signature_version":"v1","target":{"file":"crawl-ref/source/clua.cc","function":"CLua::loadfile"},"source":"https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28","signature_type":"Function","digest":{"length":605,"function_hash":"34199840351576536142193942429257052849"}},{"deprecated":false,"id":"CVE-2020-11722-a8a19d55","signature_version":"v1","target":{"file":"crawl-ref/source/clua.cc"},"source":"https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04","signature_type":"Line","digest":{"line_hashes":["279712834201598416094069012214363501699","88454257160190083554210107815608875548","267913134872647750431298162085052504665","98742457370042597015539441291944207831","335136016019403486511847926740572007609","5092986311877863069950426492060186514"],"threshold":0.9}}],"vanir_signatures_modified":"2026-04-11T15:27:48Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}