CVE-2026-40468
LOW
2.1
CVSS 4.0
Description
Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below.
Metadata
Severity & Metrics
2.1
LOW CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| GNU | gawk | — | 0 ≤ 5.4.0 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-190 | cna | CWE-190 Integer Overflow or Wraparound |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 2.1 | LOW | 4.0 | cna | CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L |
References (2)