Skip to main content

GNU gawk CVE-2026-40468

LOW
Integer Overflow or Wraparound (CWE-190)
2026-07-13 CERT-PL
2.1
CVSS 4.0 · Vendor: CERT-PL

Severity by source

Vendor (CERT-PL) PRIMARY
2.1 LOW
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.0 MEDIUM

Local tool with attack prerequisites (AT:P maps to AC:H); any user can run gawk (PR:N); no confidentiality impact; limited integrity and availability.

3.1 AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L

Primary rating from Vendor (CERT-PL).

CVSS VectorVendor: CERT-PL

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 13, 2026 - 13:17 vuln.today
CVE Published
Jul 13, 2026 - 12:07 cve.org
LOW 2.1

DescriptionCVE.org

Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below.

AnalysisAI

Integer overflow in GNU gawk's builtin.c (versions 5.4.0 and below) enables heap metadata corruption and memory exhaustion when gawk processes attacker-crafted input. The flaw stems from a CWE-190 integer wraparound condition that can be triggered locally to overwrite heap objects with attacker-controlled bytes, potentially escalating from a denial-of-service to memory corruption with partial integrity impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Supply crafted numeric input
Delivery
Feed to vulnerable gawk process
Exploit
Trigger integer overflow in builtin.c
Execution
Corrupt heap allocation metadata
Persist
Overwrite heap objects with attacker bytes
Impact
Cause memory exhaustion or partial integrity compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires that gawk processes attacker-controlled input containing carefully crafted numeric arguments capable of triggering the integer overflow in builtin.c - this is reflected by the CVSS 4.0 AT:P (Attack Requirements: Present) metric, indicating specific conditions must be met rather than a default-exploitable configuration. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is low to moderate in isolation but warrants patching where gawk processes untrusted external input. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker supplies a crafted input file or stream containing specific numeric values that, when passed to a gawk built-in function, trigger an integer overflow in builtin.c. The overflowed value corrupts heap allocation size calculations, causing gawk to either exhaust memory or write attacker-controlled bytes into adjacent heap metadata. …
Remediation Vendor-released patch: upstream fix committed to the GNU gawk Savannah repository (commit 062f2f2581b991362c046f7f2e238ffa34e6f8c7), available at https://cgit.git.savannah.gnu.org/cgit/gawk.git/commit/?id=062f2f2581b991362c046f7f2e238ffa34e6f8c7. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-40468 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy