CVE-2026-40467 PUBLISHED

Use after free in gawk

Assigner: CERT-PL
Reserved: 13.04.2026 Published: 13.07.2026 Updated: 13.07.2026

Use After Free vulnerability has been found in "io.c" program file of gawk (do_getline_redir() routine). This issue may lead to a crash. It affects gawk in versions 5.4.0 and below.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVSS Score: 5.1

Product Status

Vendor GNU
Product gawk
Versions Default: unaffected
  • affected from 0 to 5.4.0 (incl.)

Credits

  • Michał Majchrowicz (AFINE) finder
  • Marcin Wyczechowski (AFINE) finder

References

Problem Types

  • CWE-416 Use After Free CWE