CVE-2017-20229
Stack-Based Buffer Overflow in MAWK Allows Arbitrary Code Execution
Publication date: 2026-03-28
Last updated on: 2026-04-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| invisible-island | mawk | to 1.3.3-17 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2017-20229 is a critical stack-based buffer overflow vulnerability found in MAWK version 1.3.3-17 and earlier. It occurs because the software does not properly check the boundaries of user-supplied input, allowing attackers to provide malicious input that overflows a stack buffer.
This overflow enables attackers to execute arbitrary code by using a return-oriented programming (ROP) chain. The ROP chain manipulates the program's control flow to spawn a shell with the same privileges as the MAWK application.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of CVE-2017-20229 on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including allowing an attacker to execute arbitrary code remotely with the privileges of the MAWK application. This means an attacker could potentially take full control of the affected system or application.
Additionally, failed exploitation attempts can cause denial-of-service (DoS) conditions, disrupting normal operation of the application.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a stack-based buffer overflow in MAWK 1.3.3-17 and earlier versions triggered by crafted user input. Detection typically involves monitoring for abnormal behavior or crashes of the mawk application, or analyzing inputs that cause buffer overflows.
Since the vulnerability is exploited by passing malicious input to mawk, one detection approach is to run mawk with test inputs designed to trigger the overflow and observe if the application crashes or behaves unexpectedly.
Specific commands to detect the vulnerability are not provided in the resources. However, you can attempt to run mawk with suspicious or crafted payloads similar to those used in the exploit to see if it crashes or spawns a shell unexpectedly.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading MAWK to a version later than 1.3.3-17 where this vulnerability is fixed, or applying any available patches from the vendor.
If upgrading or patching is not immediately possible, restrict access to the mawk application to trusted users only and monitor for suspicious activity or crashes.
Additionally, consider implementing input validation or filtering to prevent malicious inputs that could trigger the buffer overflow.