Integer Overflow Vulnerability in gawk by GNU
CVE-2026-40468
2.1LOW
What is CVE-2026-40468?
An integer overflow vulnerability has been identified in the 'builtin.c' program file of gawk, potentially leading to memory exhaustion on the host operating system. If exploited, this could allow an attacker to overwrite gawk's heap metadata and objects with controlled data bytes. This issue impacts gawk versions 5.4.0 and earlier, emphasizing the need for users to upgrade to patched versions for enhanced security.
Affected Version(s)
gawk 0 <= 5.4.0
References
CVSS V4
Score:
2.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Michał Majchrowicz (AFINE)
Marcin Wyczechowski (AFINE)