Home

Description

Integer overflow vulnerability has been found in "builtin.c" program file of gawk (do_sub() routine). This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below.

PUBLISHED Reserved 2026-04-13 | Published 2026-07-13 | Updated 2026-07-13 | Assigner CERT-PL




MEDIUM: 5.1CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Default status
unaffected

Any version
affected

Credits

Michał Majchrowicz (AFINE) finder

Marcin Wyczechowski (AFINE) finder

References

cgit.git.savannah.gnu.org/...f46913269a9e62aceda3636afe8147b patch

cert.pl/en/posts/2026/07/CVE-2026-40467 third-party-advisory

cve.org (CVE-2026-40469)

nvd.nist.gov (CVE-2026-40469)

Download JSON