Buffer Overflow Vulnerability in Gawk Affecting GNU Software
CVE-2026-40553
5.1MEDIUM
What is CVE-2026-40553?
A buffer overflow vulnerability has been identified in the 'extension/readdir.c' file of the Gawk program, specifically within the ftype() routine. This flaw has the potential to crash the application and may allow for code execution, although successful exploitation for the latter has not been confirmed. The issue affects Gawk versions 5.4.0 and earlier, emphasizing the importance of upgrading to mitigate risks.
Affected Version(s)
gawk 0 <= 5.4.0
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Michał Majchrowicz (AFINE)
Marcin Wyczechowski (AFINE)