Lucene search
K

4 matches found

OSV
OSV
added 5 days ago3 views

DEBIAN-CVE-2026-58469

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

7.5CVSS6.2AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-58469

GNU Wget prior to 1.25.0 is affected by a heap buffer underread in clean_metalink_string() inside src/metalink.c when parsing a Metalink URL that is whitespace-only. The issue can lead to memory corruption and abnormal program behavior; the CVE notes multiple CVSS measurements with high impact (a...

8.7CVSS6.2AI score0.00351EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-58469 GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS0.00351EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/01/09 7:53 a.m.3 views

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

9.8CVSS6AI score0.00707EPSS
Exploits1References2
Rows per page
Query Builder