Integer Overflow Vulnerability in gawk by GNU
CVE-2026-40468

2.1LOW

Key Information:

Vendor

Gnu

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-40468?

An integer overflow vulnerability has been identified in the 'builtin.c' program file of gawk, potentially leading to memory exhaustion on the host operating system. If exploited, this could allow an attacker to overwrite gawk's heap metadata and objects with controlled data bytes. This issue impacts gawk versions 5.4.0 and earlier, emphasizing the need for users to upgrade to patched versions for enhanced security.

Affected Version(s)

gawk 0 <= 5.4.0

References

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michał Majchrowicz (AFINE)
Marcin Wyczechowski (AFINE)
.