MAWK Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in MAWK versions through 1.3.3-17. This vulnerability arises from inadequate boundary checks on user-supplied input, allowing attackers to overflow the stack buffer and execute arbitrary code. Exploitation involves crafting malicious input that triggers the overflow, enabling the execution of a return-oriented programming (ROP) chain to spawn a shell with application privileges.
Impact
Exploitation of this vulnerability leads to arbitrary code execution with the privileges of the application.
Reproduction
The vulnerability can be reproduced by supplying input that exceeds the buffer's capacity, specifically a ROP chain crafted to exploit the overflow. A local exploit that does this is available on Exploit Database.
