CVE-2026-40553

Published: July 16, 2026Last modified: July 17, 2026

Description

Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk (ftype() routine). This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below.

Severity score breakdown

ParameterValue
Base score7.5
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux25 LTSgawkFixed (5.3.2-r3)
StreamgawkFixed (5.3.2-r3)
Hardened Containers25 LTSgawkFixed (5.3.2-r3)
StreamgawkFixed (5.3.2-r3)

References

ON THIS PAGE