CVE-2017-20229
Published: 28 March 2026
Summary
CVE-2017-20229 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Invisible-Island Mawk. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 44.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2017-20229 is a stack-based buffer overflow vulnerability (CWE-787) affecting MAWK versions 1.3.3-17 and prior. The issue stems from inadequate boundary checks on user-supplied input, which allows the stack buffer to be overflowed when processing malicious data.
Remote attackers can exploit this vulnerability with low complexity, and no privileges or user interaction are required, as reflected in its CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). With specially crafted input, attackers can trigger the overflow and leverage a return-oriented programming (ROP) chain to execute arbitrary code, including spawning a shell with the application's privileges.
Resources for further details include a public exploit on Exploit-DB at https://www.exploit-db.com/exploits/42357 and a vulnerability advisory from VulnCheck at https://www.vulncheck.com/advisories/mawk-17-stack-based-buffer-overflow. No specific patch or mitigation guidance is detailed in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-18951
Vulnerability details
MAWK 1.3.3-17 and prior contain a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated stack buffer overflow enabling arbitrary code execution and Unix shell access via ROP in a publicly exposed AWK interpreter.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires identification, reporting, and correction of the stack-based buffer overflow flaw in MAWK, eliminating the vulnerability through patching.
Enforces validation of user-supplied inputs with boundary checks, preventing the buffer overflow exploitation in MAWK.
Implements memory safeguards like stack canaries and non-executable memory to block arbitrary code execution from the MAWK buffer overflow.