Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2023-4156
HistorySep 25, 2023 - 6:15 p.m.

CVE-2023-4156

2023-09-2518:15:11
CWE-125
redhat
web.nvd.nist.gov
94
cve-2023-4156
gawk package
heap out-of-bounds read
crash
sensitive information
nvd

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

Affected configurations

Nvd
Node
gnugawkRange<5.1.1
Node
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
Node
fedoraprojectfedoraMatch38
VendorProductVersionCPE
gnugawk*cpe:2.3:a:gnu:gawk:*:*:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
fedoraprojectfedora38cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "gawk",
    "vendor": "n/a",
    "versions": [
      {
        "version": "5.1.1",
        "status": "unaffected"
      }
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gawk",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gawk",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gawk",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gawk",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "product": "Fedora",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "gawk",
    "defaultStatus": "affected"
  }
]

Related

nessus 21
openvas 15
redhatcve 1
osv 1
nvd 1
ubuntucve 1
cbl_mariner 1
amazon 1
ubuntu 1
prion 1
redos 1
vulnrichment 1
cvelist 1
debiancve 1
ibm 1
veracode 1
photon 2
hp 1
nessus
nessus
EulerOS Virtualization 2.10.0 : gawk (EulerOS-SA-2023-3468)
2024-01-16 00:00:00
Amazon Linux 2023 : gawk, gawk-all-langpacks, gawk-devel (ALAS2023-2023-292)
2023-08-24 00:00:00
EulerOS Virtualization 2.11.1 : gawk (EulerOS-SA-2023-3357)
2024-01-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for gawk (EulerOS-SA-2023-3208)
2023-11-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3431-1)
2023-08-25 00:00:00
openSUSE: Security Advisory for gawk (SUSE-SU-2023:3440-1)
2024-03-04 00:00:00
redhatcve
redhatcve
CVE-2023-4156
2023-08-04 15:18:59
osv
osv
gawk vulnerability
2023-09-14 18:55:29
nvd
nvd
CVE-2023-4156
2023-09-25 18:15:11
ubuntucve
ubuntucve
CVE-2023-4156
2023-08-08 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-4156 affecting package gawk for versions less than 5.1.1-1
2023-10-21 15:00:39
amazon
amazon
Low: gawk
2023-11-29 22:19:00
ubuntu
ubuntu
gawk vulnerability
2023-09-14 00:00:00
prion
prion
Heap overflow
2023-09-25 18:15:00
redos
redos
ROS-20240404-16
2024-04-04 00:00:00
vulnrichment
vulnrichment
CVE-2023-4156 Heap out of bound read in builtin.c
2023-09-25 17:20:19
cvelist
cvelist
CVE-2023-4156 Heap out of bound read in builtin.c
2023-09-25 17:20:19
debiancve
debiancve
CVE-2023-4156
2023-09-25 18:15:11
ibm
ibm
Security Bulletin: Due to the use of the gawk package, IBM CICS TX Advanced is vulnerable to a heap out-of-bounds flaw (CVE-2023-4156).
2024-02-13 16:42:29
veracode
veracode
Out-Of-Bounds Read
2023-08-22 07:06:20
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0676
2023-10-30 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0488
2023-10-12 00:00:00
hp
hp
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON
Related for CVE-2023-4156
nessus21openvas15redhatcve1osv1nvd1ubuntucve1cbl_mariner1amazon1ubuntu1prion1redos1vulnrichment1cvelist1debiancve1ibm1veracode1photon2hp1