CVE-2017-20229

CRITICAL

MAWK 1.3.3-17 Stack-Based Buffer Overflow

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20229. PoCs published by Juan Sacco.

AI-analyzed exploit summary This exploit demonstrates a stack-based buffer overflow in MAWK 1.3.3-17 via a crafted ROP chain to execute arbitrary code. It constructs a payload to write '/bin//sh' into memory and trigger execve via int 0x80.

Description

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges.

Exploits (1)

exploitdb WORKING POC
by Juan Sacco · pythonlocallinux
https://www.exploit-db.com/exploits/42357

This exploit demonstrates a stack-based buffer overflow in MAWK 1.3.3-17 via a crafted ROP chain to execute arbitrary code. It constructs a payload to write '/bin//sh' into memory and trigger execve via int 0x80.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MAWK (AWK Interpreter) 1.3.3-17 and prior
No auth needed
Prerequisites: MAWK installed on the target system
devstral-2 · analyzed Apr 08, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit exploit
ExploitDB-42357
https://www.exploit-db.com/exploits/42357
Third Party Advisory third-party-advisory
VulnCheck Advisory: MAWK 1.3.3-17 Stack-Based Buffer Overflow
https://www.vulncheck.com/advisories/mawk-17-stack-based-buffer-overflow

Scores

CVSS v3 9.8
EPSS 0.0060
EPSS Percentile 43.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-787
Status published
Products (2)
invisible-island/mawk < 1.3.3-17
mawk/MAWK 1.3.3-17
Published Mar 28, 2026
Tracked Since Mar 29, 2026