Description
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
Statement
This issue is classified with a low severity primarily because this out-of-bounds read is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with gawk. Additionally, the loss of confidentiality is limited and does not represent the real impact of this flaw. Furthermore, gawk does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | gawk | Out of support scope | | |
Red Hat Enterprise Linux 7 | gawk | Fix deferred | | |
Red Hat Enterprise Linux 8 | gawk | Fix deferred | | |
Red Hat Enterprise Linux 9 | gawk | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 6.1 Medium