Home

Description

Use After Free vulnerability has been found in "io.c" program file of gawk (do_getline_redir() routine). This issue may lead to a crash. It affects gawk in versions 5.4.0 and below.

PUBLISHED Reserved 2026-04-13 | Published 2026-07-13 | Updated 2026-07-13 | Assigner CERT-PL




MEDIUM: 5.1CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-416 Use After Free

Product status

Default status
unaffected

Any version
affected

Credits

Michał Majchrowicz (AFINE) finder

Marcin Wyczechowski (AFINE) finder

References

cgit.git.savannah.gnu.org/...09e41bec29a23098eba2e00057286d8 patch

cert.pl/en/posts/2026/07/CVE-2026-40467 third-party-advisory

cve.org (CVE-2026-40467)

nvd.nist.gov (CVE-2026-40467)

Download JSON