Description
Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below.
Problem types
CWE-190 Integer Overflow or Wraparound
Product status
Any version
Credits
Michał Majchrowicz (AFINE)
Marcin Wyczechowski (AFINE)
References
cgit.git.savannah.gnu.org/...1b991362c046f7f2e238ffa34e6f8c7
cert.pl/en/posts/2026/07/CVE-2026-40467