Description
MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges.
Published: 2026-03-28
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The flaw is a stack-based buffer overflow in MAWK 1.3.3-17 and earlier versions, allowing attackers to exploit inadequately checked user input. This vulnerability can be triggered by crafted data that overflows the stack buffer, enabling a return-oriented programming chain that launches a shell with the application’s privileges. The primary consequence is the ability to execute arbitrary code with the rights of the running service, compromising confidentiality, integrity, and availability of the affected system.

Affected Systems

MAWK, a publicly available scripting language, is affected in versions 1.3.3-17 and all preceding releases. The flaw applies to installations of the MAWK package distributed by the Invisible Island project. Any machine running these versions is vulnerable.

Risk and Exploitability

The CVSS base score of 9.3 classifies this modification as high severity, and the EPSS score of less than 1% indicates a low estimated exploitation probability but not zero. The vulnerability is listed as not part of the CISA KEV catalog. Exfiltration relies on externally supplied input, which suggests that an attacker must be able to supply data to the MAWK interpreter, such as via scripts or data files. If successful, remote code execution is possible.

Generated by OpenCVE AI on April 2, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest MAWK update released after version 1.3.3-17
  • If an update is unavailable, uninstall or disable MAWK on affected systems
  • Restrict or audit any scripts or inputs delivered to MAWK to prevent malicious data from being processed
  • Monitor system logs for signs of abnormal activity such as unexpected shell execution

Generated by OpenCVE AI on April 2, 2026 at 21:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Invisible-island
Invisible-island mawk
CPEs cpe:2.3:a:invisible-island:mawk:*:*:*:*:*:*:*:*
Vendors & Products Invisible-island
Invisible-island mawk

Mon, 30 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Mawk
Mawk mawk
Vendors & Products Mawk
Mawk mawk

Sat, 28 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Description MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges.
Title MAWK 1.3.3-17 Stack-Based Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Invisible-island Mawk
Mawk Mawk
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T14:13:30.225Z

Reserved: 2026-03-28T11:45:23.311Z

Link: CVE-2017-20229

cve-icon Vulnrichment

Updated: 2026-03-30T14:12:54.291Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-28T12:16:02.400

Modified: 2026-04-02T19:19:06.537

Link: CVE-2017-20229

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:38:33Z

Weaknesses