{"id":"USN-6373-1","summary":"gawk vulnerability","details":"It was discovered that gawk could be made to read out of bounds when\nprocessing certain inputs. If a user or an automated system were tricked\ninto opening a specially crafted input, an attacker could possibly use\nthis issue to cause a denial of service.\n","modified":"2026-02-10T04:43:19Z","published":"2023-09-14T18:55:29Z","related":["UBUNTU-CVE-2023-4156"],"upstream":["CVE-2023-4156","UBUNTU-CVE-2023-4156"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6373-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-4156"}],"affected":[{"package":{"name":"gawk","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/gawk@1:4.0.1+dfsg-2.1ubuntu2+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.0.1+dfsg-2.1ubuntu2+esm1"}]}],"versions":["1:4.0.1+dfsg-2.1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_name":"gawk","binary_version":"1:4.0.1+dfsg-2.1ubuntu2+esm1"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6373-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-4156"}],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}},{"package":{"name":"gawk","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/gawk@1:4.1.3+dfsg-0.1ubuntu0.1~esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.1.3+dfsg-0.1ubuntu0.1~esm1"}]}],"versions":["1:4.1.1+dfsg-1","1:4.1.3+dfsg-0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"gawk","binary_version":"1:4.1.3+dfsg-0.1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6373-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-4156"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"gawk","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/gawk@1:4.1.4+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.1.4+dfsg-1ubuntu0.1~esm1"}]}],"versions":["1:4.1.4+dfsg-1","1:4.1.4+dfsg-1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"gawk","binary_version":"1:4.1.4+dfsg-1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6373-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-4156"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"gawk","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/gawk@1:5.0.1+dfsg-1ubuntu0.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:5.0.1+dfsg-1ubuntu0.1"}]}],"versions":["1:4.2.1+dfsg-1.1build1","1:5.0.1+dfsg-1"],"ecosystem_specific":{"binaries":[{"binary_name":"gawk","binary_version":"1:5.0.1+dfsg-1ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6373-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-4156"}],"ecosystem":"Ubuntu:20.04:LTS"}}},{"package":{"name":"gawk","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/gawk@1:5.1.0-1ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:5.1.0-1ubuntu0.1"}]}],"versions":["1:5.1.0-1build1","1:5.1.0-1build2","1:5.1.0-1build3"],"ecosystem_specific":{"binaries":[{"binary_name":"gawk","binary_version":"1:5.1.0-1ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6373-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-4156"}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.3"}