GNU gawk CVE-2026-40468
LOWSeverity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local tool with attack prerequisites (AT:P maps to AC:H); any user can run gawk (PR:N); no confidentiality impact; limited integrity and availability.
Primary rating from Vendor (CERT-PL).
CVSS VectorVendor: CERT-PL
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below.
AnalysisAI
Integer overflow in GNU gawk's builtin.c (versions 5.4.0 and below) enables heap metadata corruption and memory exhaustion when gawk processes attacker-crafted input. The flaw stems from a CWE-190 integer wraparound condition that can be triggered locally to overwrite heap objects with attacker-controlled bytes, potentially escalating from a denial-of-service to memory corruption with partial integrity impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that gawk processes attacker-controlled input containing carefully crafted numeric arguments capable of triggering the integer overflow in builtin.c - this is reflected by the CVSS 4.0 AT:P (Attack Requirements: Present) metric, indicating specific conditions must be met rather than a default-exploitable configuration. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is low to moderate in isolation but warrants patching where gawk processes untrusted external input. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker supplies a crafted input file or stream containing specific numeric values that, when passed to a gawk built-in function, trigger an integer overflow in builtin.c. The overflowed value corrupts heap allocation size calculations, causing gawk to either exhaust memory or write attacker-controlled bytes into adjacent heap metadata. … |
| Remediation | Vendor-released patch: upstream fix committed to the GNU gawk Savannah repository (commit 062f2f2581b991362c046f7f2e238ffa34e6f8c7), available at https://cgit.git.savannah.gnu.org/cgit/gawk.git/commit/?id=062f2f2581b991362c046f7f2e238ffa34e6f8c7. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. Rated high severity (CVSS 7.1), this vulnerab
Stack-based buffer overflow in gawk's readdir extension (extension/readdir.c, ftype() routine) affects all gawk releases
Integer overflow in gawk's do_sub() routine (builtin.c) enables heap metadata corruption on 32-bit builds, crashing the
Use-after-free memory corruption in gawk's do_getline_redir() routine within io.c allows a local attacker to crash the g
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today