Skip to main content
Version: latest

CVE-2023-4156

CVE Details

Visit the official vulnerability details page for CVE-2023-4156 to learn more.

Initial Publication

10/25/2024

Last Update

12/16/2024

Third Party Dependency

gawk

NIST CVE Summary

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

CVE Severity

7.1

Our Official Summary

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. The images where this vulnrability is have controls in place are not accessible outside the cluster. So the attacker needs to gain privileged access to the cluster to attempt this exploit. Impact of this exploit is also low, since container doesn't allow host breakout.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.5.15⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.11⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.10⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.8⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.5⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.4⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.4.20⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact

Revision History

DateRevision
12/16/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15
12/04/2024Official summary revised: A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. The images where this vulnrability is have controls in place are not accessible outside the cluster. So the attacker needs to gain privileged access to the cluster to attempt this exploit. Impact of this exploit is also low, since container doesn't allow host breakout.
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10
11/14/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20
11/10/2024Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8
10/27/2024Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5