Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below.
History

Mon, 13 Jul 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu gawk
Vendors & Products Gnu
Gnu gawk

Mon, 13 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Jul 2026 13:00:00 +0000

Type Values Removed Values Added
Description Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below.
Title Heap buffer overflow in gawk
Weaknesses CWE-190
References
Metrics cvssV4_0

{'score': 2.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-07-13T13:01:29.711Z

Reserved: 2026-04-13T14:44:55.647Z

Link: CVE-2026-40468

cve-icon Vulnrichment

Updated: 2026-07-13T13:01:26.495Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-13T14:30:16Z