CVE-2023-4156 โ€” Out-of-bounds Read in Gawk

CWE-125 โ€” Out-of-bounds Read9 documents8 sources
Severity
7.1HIGHNVD
CNA4.4
EPSS
0.0%
top 91.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GNU GawkFedoraproject FedoraRedhat Enterprise Linux
Timeline
PublishedSep 25

Description

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

โ–ถNVDgnu/gawk< 5.1.1

Also affects: Fedora 38, Enterprise Linux 6.0, 7.0

๐Ÿ”ดVulnerability Details

3
OSV
CVE-2023-4156: A heap out-of-bounds read flaw was found in builtinโ†—2023-09-25
โ–ถ
CVEList
Heap out of bound read in builtin.cโ†—2023-09-25
โ–ถ
GHSA
GHSA-8p8g-pp68-479w: A heap out-of-bounds read flaw was found in builtinโ†—2023-09-25
โ–ถ

๐Ÿ“‹Vendor Advisories

4
Ubuntu
gawk vulnerabilityโ†—2023-09-14
โ–ถ
Microsoft
Heap out of bound read in builtin.cโ†—2023-09-12
โ–ถ
Red Hat
gawk: heap out of bound read in builtin.cโ†—2023-06-19
โ–ถ
Debian
CVE-2023-4156: gawk - A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This ...โ†—2023
โ–ถ
CVE-2023-4156 โ€” Out-of-bounds Read in GNU Gawk | cvebase