CVE-2026-40469

Public on 2026-07-13
Modified on 2026-07-14
Description
Integer overflow vulnerability has been found in "builtin.c" program file of gawk (do_sub() routine). This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below.
Severity
Medium severity
Medium
See what this means
CVSS v3 Base Score
4.0
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core gawk Not Affected
Amazon Linux 2023 gawk Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
NVD CVSSv3 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H