CVE-2017-20229
Received Received - Intake

Stack-Based Buffer Overflow in MAWK Allows Arbitrary Code Execution

Vulnerability report for CVE-2017-20229, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-28

Last updated on: 2026-04-02

Assigner: VulnCheck

Description

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-28
Last Modified
2026-04-02
Generated
2026-07-06
AI Q&A
2026-03-28
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
invisible-island mawk to 1.3.3-17 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2017-20229 is a critical stack-based buffer overflow vulnerability found in MAWK version 1.3.3-17 and earlier. It occurs because the software does not properly check the boundaries of user-supplied input, allowing attackers to provide malicious input that overflows a stack buffer.

This overflow enables attackers to execute arbitrary code by using a return-oriented programming (ROP) chain. The ROP chain manipulates the program's control flow to spawn a shell with the same privileges as the MAWK application.

Impact Analysis

This vulnerability can have severe impacts including allowing an attacker to execute arbitrary code remotely with the privileges of the MAWK application. This means an attacker could potentially take full control of the affected system or application.

Additionally, failed exploitation attempts can cause denial-of-service (DoS) conditions, disrupting normal operation of the application.

Detection Guidance

This vulnerability involves a stack-based buffer overflow in MAWK 1.3.3-17 and earlier versions triggered by crafted user input. Detection typically involves monitoring for abnormal behavior or crashes of the mawk application, or analyzing inputs that cause buffer overflows.

Since the vulnerability is exploited by passing malicious input to mawk, one detection approach is to run mawk with test inputs designed to trigger the overflow and observe if the application crashes or behaves unexpectedly.

Specific commands to detect the vulnerability are not provided in the resources. However, you can attempt to run mawk with suspicious or crafted payloads similar to those used in the exploit to see if it crashes or spawns a shell unexpectedly.

Mitigation Strategies

Immediate mitigation steps include upgrading MAWK to a version later than 1.3.3-17 where this vulnerability is fixed, or applying any available patches from the vendor.

If upgrading or patching is not immediately possible, restrict access to the mawk application to trusted users only and monitor for suspicious activity or crashes.

Additionally, consider implementing input validation or filtering to prevent malicious inputs that could trigger the buffer overflow.

Compliance Impact

The provided information does not specify any direct impact of CVE-2017-20229 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2017-20229. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart