发布时间: 2023年9月2日
修改时间: 2024年10月31日
A heap out of bound read issue exists in builtin.c of gawk prior to version 5.1.1. The array the_args takes an unsafe index val , while it does not validate the index to ensure the index refers to a valid position in the array (e.g., exceedingly large or negative). The vulnerability can cause crash of the software and might be used by attackers to read sensitive information.https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.htmlhttps://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.htmlhttps://fossies.org/linux/gawk/ChangeLog#470 (Line: 470-475)
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | None |
| Attack Vector | Local | Local |
| CVSS评分 | 7.1 | 3.3 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | None |
| User Interaction | Required | Required |
| Availability | High | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1716 | gawk security update | 2023年9月2日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | gawk | Fixed |
| KY3.4-5A | gawk | Fixed |
| KY3.5.1 | gawk | Fixed |
| KY3.5.2 | gawk | Fixed |
