CVE-2017-20229
Received Received - Intake
Stack-Based Buffer Overflow in MAWK Allows Arbitrary Code Execution

Publication date: 2026-03-28

Last updated on: 2026-04-02

Assigner: VulnCheck

Description
MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-28
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-03-28
EPSS Evaluated
2026-06-14
NVD
CVE-2017-20229
EUVD
EUVD-2017-18951
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
invisible-island mawk to 1.3.3-17 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of CVE-2017-20229 on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2017-20229 is a critical stack-based buffer overflow vulnerability found in MAWK version 1.3.3-17 and earlier. It occurs because the software does not properly check the boundaries of user-supplied input, allowing attackers to provide malicious input that overflows a stack buffer.

This overflow enables attackers to execute arbitrary code by using a return-oriented programming (ROP) chain. The ROP chain manipulates the program's control flow to spawn a shell with the same privileges as the MAWK application.

Impact Analysis

This vulnerability can have severe impacts including allowing an attacker to execute arbitrary code remotely with the privileges of the MAWK application. This means an attacker could potentially take full control of the affected system or application.

Additionally, failed exploitation attempts can cause denial-of-service (DoS) conditions, disrupting normal operation of the application.

Detection Guidance

This vulnerability involves a stack-based buffer overflow in MAWK 1.3.3-17 and earlier versions triggered by crafted user input. Detection typically involves monitoring for abnormal behavior or crashes of the mawk application, or analyzing inputs that cause buffer overflows.

Since the vulnerability is exploited by passing malicious input to mawk, one detection approach is to run mawk with test inputs designed to trigger the overflow and observe if the application crashes or behaves unexpectedly.

Specific commands to detect the vulnerability are not provided in the resources. However, you can attempt to run mawk with suspicious or crafted payloads similar to those used in the exploit to see if it crashes or spawns a shell unexpectedly.

Mitigation Strategies

Immediate mitigation steps include upgrading MAWK to a version later than 1.3.3-17 where this vulnerability is fixed, or applying any available patches from the vendor.

If upgrading or patching is not immediately possible, restrict access to the mawk application to trusted users only and monitor for suspicious activity or crashes.

Additionally, consider implementing input validation or filtering to prevent malicious inputs that could trigger the buffer overflow.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2017-20229. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart