Use After Free Vulnerability in gawk Affects GNU Software
CVE-2026-40467
5.1MEDIUM
What is CVE-2026-40467?
A Use After Free vulnerability has been identified in the 'io.c' program file of gawk, specifically within the do_getline_redir() routine. This flaw can potentially lead to unexpected crashes when the software is run. Affected versions include gawk 5.4.0 and earlier, making it crucial for users to assess their systems and apply necessary updates to mitigate the risk associated with this vulnerability.
Affected Version(s)
gawk 0 <= 5.4.0
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Michał Majchrowicz (AFINE)
Marcin Wyczechowski (AFINE)