CVE-2023-4156
Published 2023-09-25

CVE-2023-4156: A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

Severity: High, 7.1 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:H
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gawk | < gawk 1:5.2.1-1 (bookworm) | gawk 1:5.2.1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| gnu | gawk | < 5.1.1 | 5.1.1 |
| gnu | gawk | >= 0 < 1:5.2.1-1 | 1:5.2.1-1 |
| gnu | gawk | >= 0 < 1:5.2.1-1 | 1:5.2.1-1 |
| gnu | gawk | >= 0 < 1:5.2.1-1 | 1:5.2.1-1 |
| msrc | cbl2_gawk_5.1.1-1_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd: v3.1, 7.1 HIGH, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
osv: 7.1 HIGH