Bug 2215930 (CVE-2023-4156)

Summary: CVE-2023-4156 gawk: heap out of bound read in builtin.c
Product: [Other] Security Response Reporter: TEJ RATHI <trathi>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jamartis, larkimpressive, lnykryn
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: gawk 5.1.1 Doc Type: If docs needed, set a value
Doc Text:
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2215940, 2215941, 2215942, 2229176    
Bug Blocks: 2215943    

Description TEJ RATHI 2023-06-19 12:39:55 UTC
A heap out of bound read issue exists in builtin.c of gawk prior to version 5.1.1. The array "the_args" takes an unsafe index "val", while it does not validate the index to ensure the index refers to a valid position in the array (e.g., exceedingly large or negative). The vulnerability can cause crash of the software and might be used by attackers to read sensitive information.

https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html
https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html
https://fossies.org/linux/gawk/ChangeLog#470 (Line: 470-475)

Comment 3 TEJ RATHI 2023-06-19 12:52:24 UTC
Created gawk tracking bugs for this issue:

Affects: fedora-all [bug 2215940]

Comment 8 Dale Lindsey 2024-04-02 03:11:08 UTC
I've observed that systemd is used in userspace by one of the tools we use that says it supports Red Hat. Which viewpoint does the government espouse?

Systemd user service error: https://help.tableau.com/current/server-linux/en-us.html https://slice-master.io The systemd user service is utilized, although not as often as the normal systemd process manager. Red Hat deactivated the systemd user service in RHEL 7 (and so all RHEL-derived distributions, such as CentOS, Oracle Linux 7, and Amazon Linux 2). Nonetheless, RedHat has told Tableau that utilizing the systemd user service is OK as long as the service is reactivated."



Please refer to my remark at https://access.redhat.com/solutions/3461241 on their method.