Nixpkgs security tracker
Permalink
CVE-2017-20229
9.8 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
MAWK 1.3.3-17 Stack-Based Buffer Overflow
MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges.
References
-
ExploitDB-42357 exploit
-
VulnCheck Advisory: MAWK 1.3.3-17 Stack-Based Buffer Overflow third-party-advisory
Affected products
MAWK
- ==1.3.3-17
Matching in nixpkgs
pkgs.mawk
Interpreter for the AWK Programming Language
-
nixos-unstable 1.3.4-20240819
- nixpkgs-unstable 1.3.4-20240819
- nixos-unstable-small 1.3.4-20240819
-
nixos-25.11 1.3.4-20240819
- nixos-25.11-small 1.3.4-20240819
- nixpkgs-25.11-darwin 1.3.4-20240819
Package maintainers
-
@ehmry Emery Hemingway <ehmry@posteo.net>