GNU gawk CVE-2026-40469
MEDIUMSeverity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local vector because gawk processes input on the local system; PR:N since any user can invoke gawk with crafted input; impact is crash-only so A:L, C:N, I:N.
Primary rating from Vendor (CERT-PL).
CVSS VectorVendor: CERT-PL
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Integer overflow vulnerability has been found in "builtin.c" program file of gawk (do_sub() routine). This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below.
AnalysisAI
Integer overflow in gawk's do_sub() routine (builtin.c) enables heap metadata corruption on 32-bit builds, crashing the process. Affecting all gawk versions through 5.4.0 compiled for 32-bit architectures, this flaw was reported by CERT-PL and is limited exclusively to the availability domain - the CVSS 4.0 vector confirms no confidentiality or integrity impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a 32-bit compiled build of gawk at version 5.4.0 or below - 64-bit builds are architecturally immune regardless of version. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.1 with vector AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N appropriately reflects a low-severity, availability-only, locally triggered issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker or malicious script supplies specially crafted substitution input to a 32-bit gawk process - for example, piping data into a gawk script that invokes sub() or gsub() - triggering the integer overflow in do_sub(), which corrupts heap metadata and causes gawk to crash. In an automated text-processing pipeline running on a 32-bit Linux system, this could interrupt batch jobs or log-analysis workflows. … |
| Remediation | The primary fix is to apply the upstream patch commit available at https://cgit.git.savannah.gnu.org/cgit/gawk.git/commit/?id=ae1b2d508f46913269a9e62aceda3636afe8147b. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. Rated high severity (CVSS 7.1), this vulnerab
Stack-based buffer overflow in gawk's readdir extension (extension/readdir.c, ftype() routine) affects all gawk releases
Use-after-free memory corruption in gawk's do_getline_redir() routine within io.c allows a local attacker to crash the g
Integer overflow in GNU gawk's builtin.c (versions 5.4.0 and below) enables heap metadata corruption and memory exhausti
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today