CVE-2017-20229: Stack-Based Buffer Overflow in MAWK Interpreter
Vulnerability ID: CVE-2017-20229
CVSS Score: 9.8
Published: 2026-03-28
MAWK versions 1.3.3-17 and prior contain a critical stack-based buffer overflow vulnerability in the main argument parsing and stack management routines. This flaw allows an attacker to achieve arbitrary code execution by supplying excessively long command-line arguments, overwriting adjacent memory to hijack control flow via a Return-Oriented Programming (ROP) chain.
TL;DR
A stack-based buffer overflow in the MAWK interpreter (<= 1.3.3-17) allows local privilege escalation or arbitrary code execution. Attackers exploit this by passing a long string exceeding internal stack limits, overwriting control data to execute a ROP chain.
⚠️ Exploit Status: POC
Technical Details
- Vulnerability Type: Stack-Based Buffer Overflow
- CWE ID: CWE-787
- CVSS v3.1 Score: 9.8 (Critical)
- EPSS Score: 0.00077 (22.94%)
- Exploit Status: Public PoC Available
- Attack Vector: Local / Remote (Context Dependent)
- Impact: Arbitrary Code Execution
Affected Systems
- Debian Linux (Older Releases)
- Ubuntu Linux (Older Releases)
- Systems utilizing MAWK <= 1.3.3-17 as the default awk interpreter
- MAWK: <= 1.3.3-17 (Fixed in: 1.3.4-20171017)
Exploit Details
- Exploit-DB: Local Buffer Overflow Exploit (Python) for MAWK 1.3.3-17 by Juan Sacco
Mitigation Strategies
- Upgrade MAWK interpreter packages via the OS package manager
- Implement command-line auditing to monitor anomalous argument lengths passed to system binaries
- Ensure web applications and CGI scripts sanitize and truncate untrusted input before passing it to shell utilities
Remediation Steps:
- Identify all systems running MAWK using package management queries (e.g., dpkg -l | grep mawk).
- Check the specific build version by executing mawk -W version.
- If the version date is older than 20171017, update the package using apt-get update && apt-get install mawk.
- Verify the update by re-running the version check command to confirm the build date.
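The version check in the remediation steps can be scripted so it gives the same answer on every host. The following is an added example, not part of the original advisory or the MAWK project; the function names are hypothetical, and it assumes that a banner without a YYYYMMDD stamp (as 1.3.3 builds print) predates the fixed snapshot.

```shell
#!/bin/sh
# Added example: classify a mawk build from the text of `mawk -W version`.
# FIXED_DATE is the snapshot the advisory lists as fixed (1.3.4-20171017).
FIXED_DATE=20171017

# mawk_build_date: print the 8-digit build date found on the first line of
# the version text, or nothing if the banner carries no such stamp.
mawk_build_date() {
    printf '%s\n' "$1" | sed -n '1s/^mawk [0-9.]* \([0-9]\{8\}\).*$/\1/p'
}

# mawk_status: print "fixed", "vulnerable" or "unknown" for the version text.
mawk_status() {
    first=$(printf '%s\n' "$1" | sed -n '1p')
    case "$first" in
        mawk\ *) ;;                      # banner belongs to mawk, keep going
        *) echo unknown; return 0 ;;     # some other awk, or empty output
    esac
    stamp=$(mawk_build_date "$1")
    if [ -z "$stamp" ]; then
        # Assumption: no YYYYMMDD stamp means a pre-snapshot build (1.3.3),
        # which is older than the fixed date and must be upgraded.
        echo vulnerable
    elif [ "$stamp" -lt "$FIXED_DATE" ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# check_local_mawk: run the check against the mawk installed on this host.
check_local_mawk() {
    if ! command -v mawk >/dev/null 2>&1; then
        echo "mawk: not installed"
        return 0
    fi
    out=$(mawk -W version 2>/dev/null </dev/null)
    echo "mawk: $(mawk_status "$out")"
}
```

Run check_local_mawk before and after the package upgrade; a host is done when it reports fixed.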
References
- NVD CVE-2017-20229 Detail
- Exploit-DB 42357: MAWK 1.3.3-17 - Local Buffer Overflow
- VulnCheck Advisory: MAWK 1.3.3-17 Stack-Based Buffer Overflow
- Debian Security Tracker - CVE-2017-20229
- MAWK Upstream Changes