Bug 2215930 (CVE-2023-4156)

Summary: CVE-2023-4156 gawk: heap out of bound read in builtin.c
Product: [Other] Security Response
Reporter: TEJ RATHI <trathi>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: low
Priority: low
Version: unspecified
CC: gnaik, jamartis, lnykryn
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: gawk 5.1.1
Doc Type: If docs needed, set a value
Doc Text:
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
Bug Depends On: 2215940, 2215941, 2215942, 2229176    
Bug Blocks: 2215943    

Description TEJ RATHI 2023-06-19 12:39:55 UTC
A heap out-of-bounds read issue exists in builtin.c of gawk prior to version 5.1.1. The array "the_args" takes an unsafe index "val", while it does not validate the index to ensure the index refers to a valid position in the array (e.g., exceedingly large or negative). The vulnerability can cause a crash of the software and might be used by attackers to read sensitive information.

https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html
https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html
https://fossies.org/linux/gawk/ChangeLog#470 (Line: 470-475)
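
The unchecked-index pattern named in the description, beside a bounds-checked form, as an added C example; it is not gawk's source and not part of the original report. It reuses the names the_args and val from the description, assumes the index arrives as text (the report does not say where val comes from), and all functions and sample data are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustration only, not gawk source. the_args and val reuse names from the
 * report; all functions and the sample data below are hypothetical. */

/* Parse a decimal index. Returns 0 on success, -1 on junk or overflow. */
int parse_index(const char *text, long *val)
{
    char *end;
    errno = 0;
    *val = strtol(text, &end, 10);
    return (end == text || *end != '\0' || errno == ERANGE) ? -1 : 0;
}

/* Vulnerable pattern, for contrast only (never called): val is used as-is. */
const char *arg_unchecked(const char **the_args, long val)
{
    return the_args[val];
}

/* Hardened pattern: reject anything outside [0, num_args) before indexing. */
const char *arg_checked(const char **the_args, size_t num_args, long val)
{
    if (val < 0 || (size_t)val >= num_args)
        return NULL;
    return the_args[val];
}

/* Parse then look up; NULL means the index was rejected. */
const char *lookup(const char **the_args, size_t num_args, const char *text)
{
    long val;
    if (parse_index(text, &val) != 0)
        return NULL;
    return arg_checked(the_args, num_args, val);
}

int main(void)
{
    const char *the_args[] = { "fmt", "one", "two" };  /* constructed sample */
    const char *probes[] = { "1", "-1", "3", "99999999999999999999", "2x" };
    for (size_t i = 0; i < sizeof probes / sizeof *probes; i++) {
        const char *r = lookup(the_args, 3, probes[i]);
        printf("%-22s -> %s\n", probes[i], r ? r : "(rejected)");
    }
    return 0;
}
```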

Comment 3 TEJ RATHI 2023-06-19 12:52:24 UTC
Created gawk tracking bugs for this issue:

Affects: fedora-all [bug 2215940]
