A heap out-of-bounds read issue exists in builtin.c of gawk prior to version 5.1.1. The array "the_args" takes an unsafe index "val", while it does not validate the index to ensure the index refers to a valid position in the array (e.g., exceedingly large or negative). The vulnerability can cause a crash of the software and might be used by attackers to read sensitive information. https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html https://fossies.org/linux/gawk/ChangeLog#470 (Line: 470-475)
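The bug class described in comment #0 (an index parsed from attacker-influenced input used to subscript an argument array without a range check) is easiest to see in a small printf-style formatter. The following is an added example written for this page; it is not gawk's code, and the argument table `the_args_demo`, the 1-based `%N$s` positional syntax and the function names are assumptions chosen for illustration, not gawk's actual `the_args` or `format_tree` logic. It places the unchecked lookup beside the hardened one and shows the three inputs the report calls out: an index past the end of the table, a negative index, and a number too large to parse.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed argument table standing in for a formatter's argument array
   (hypothetical; not gawk's the_args). */
#define NUM_ARGS 3
static const char *the_args_demo[NUM_ARGS] = { "alpha", "beta", "gamma" };

/* Parse the decimal number after '%' in a "%N$s" positional spec.
   On success stores the number in *val and returns a pointer to the
   character after '$'; on a malformed or out-of-range number returns NULL.
   strtol also accepts a leading '-', which is how a negative index gets in. */
static const char *parse_positional(const char *p, long *val)
{
    char *end;
    errno = 0;
    long n = strtol(p, &end, 10);
    if (end == p || errno == ERANGE || *end != '$')
        return NULL;
    *val = n;
    return end + 1;
}

/* Vulnerable pattern: the parsed index is used as-is.  A val of 0, a negative
   val, or a val greater than NUM_ARGS reads memory outside the table
   (a heap out-of-bounds read when the table lives on the heap). */
const char *lookup_unchecked(long val)
{
    return the_args_demo[val - 1];
}

/* Hardened pattern: accept only a valid 1-based index. */
const char *lookup_checked(long val)
{
    if (val < 1 || val > NUM_ARGS)
        return NULL;
    return the_args_demo[val - 1];
}

/* Expand "%N$s" sequences in fmt into out using the checked lookup.
   Returns 0 on success, -1 if a specifier is malformed or out of range
   or if the output buffer is too small. */
int expand_positional(const char *fmt, char *out, size_t outsz)
{
    size_t o = 0;
    const char *p = fmt;
    while (*p != '\0') {
        if (*p == '%') {
            long val;
            const char *rest = parse_positional(p + 1, &val);
            if (rest == NULL || *rest != 's')
                return -1;
            const char *arg = lookup_checked(val);
            if (arg == NULL)          /* the check the report says was missing */
                return -1;
            size_t n = strlen(arg);
            if (o + n >= outsz)
                return -1;
            memcpy(out + o, arg, n);
            o += n;
            p = rest + 1;
        } else {
            if (o + 1 >= outsz)
                return -1;
            out[o++] = *p++;
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    if (expand_positional("%3$s-%1$s", buf, sizeof buf) == 0)
        printf("ok: %s\n", buf);
    printf("index past the table rejected: %d\n",
           expand_positional("%99$s", buf, sizeof buf));
    printf("negative index rejected: %d\n",
           expand_positional("%-1$s", buf, sizeof buf));
    printf("unparseable huge index rejected: %d\n",
           expand_positional("%99999999999999999999$s", buf, sizeof buf));
    return 0;
}
```

The parse step and the range check are kept separate on purpose: `strtol` with `errno == ERANGE` catches numbers that do not fit a `long`, while `lookup_checked` catches values that parse fine but do not name a real argument. Both are needed; a check on the parsed value alone does not help if the parse silently saturated.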
Created gawk tracking bugs for this issue: Affects: fedora-all [bug 2215940]
I've observed that systemd is used in userspace by one of the tools we use that says it supports Red Hat. Which viewpoint does the government espouse? Systemd user service error: https://help.tableau.com/current/server-linux/en-us.html The systemd user service is utilized, although not as often as the normal systemd process manager. Red Hat deactivated the systemd user service in RHEL 7 (and so in all RHEL-derived distributions, such as CentOS, Oracle Linux 7, and Amazon Linux 2). Nonetheless, Red Hat has told Tableau that utilizing the systemd user service is OK as long as the service is reactivated. Please refer to my remark at https://access.redhat.com/solutions/3461241 on their method.
(In reply to TEJ RATHI from comment #0)
> A heap out-of-bounds read issue exists in builtin.c of gawk prior to version
> 5.1.1. The array "the_args" takes an unsafe index "val", while it does not
> validate the index to ensure the index refers to a valid position in the
> array (e.g., exceedingly large or negative). The vulnerability can cause a
> crash of the software and might be used by attackers to read sensitive
> information.
>
> https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html
> https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html
> https://fossies.org/linux/gawk/ChangeLog#470 (Line: 470-475)

The described vulnerability in gawk prior to version 5.1.1 highlights a heap out-of-bounds read issue in builtin.c, where the array the_args is accessed using an unsafe index val without proper validation. This lack of index checking can lead to crashes and potentially allow attackers to read sensitive information from memory. To mitigate this vulnerability, it is crucial to update to version 5.1.1 or later, where this issue has likely been addressed. Additionally, implementing rigorous input validation and bounds checking in the code can help prevent similar vulnerabilities in the future.
(In reply to Dale Lindsey from comment #8)
> I've observed that systemd is used in userspace by one of the tools we use
> that says it supports Red Hat. Which viewpoint does the government espouse?
>
> Systemd user service error:
> https://help.tableau.com/current/server-linux/en-us.html
> The systemd user service is utilized, although not
> as often as the normal systemd process manager. Red Hat deactivated the
> systemd user service in RHEL 7 (and so in all RHEL-derived distributions, such
> as CentOS, Oracle Linux 7, and Amazon Linux 2). Nonetheless, Red Hat has told
> Tableau that utilizing the systemd user service is OK as long as the service
> is reactivated.
>
> Please refer to my remark at https://access.redhat.com/solutions/3461241 on
> their method.

thanks
(In reply to TEJ RATHI from comment #0)
> A heap out-of-bounds read issue exists in builtin.c of gawk prior to version
> 5.1.1. The array "the_args" takes an unsafe index "val", while it does not
> validate the index to ensure the index refers to a valid position in the
> array (e.g., exceedingly large or negative). The vulnerability can cause a
> crash of the software and might be used by attackers to read sensitive
> information.
>
> https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html
> https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html
> https://fossies.org/linux/gawk/ChangeLog#470 (Line: 470-475)

Users should ensure they update to the latest version to mitigate these risks.