Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls

...

[SECURITY] Fedora 42 Update: wget2-2.2.1-1.fc42

GNU Wget2 is the successor of GNU Wget, a file and recursive website downloader. Designed and written from scratch it wraps around libwget, that provides the basic functions needed by a web client. Wget2 works multi-threaded and uses many features to allow fast operation. In many cases Wget2...

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

CVE-2025-69195 Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

CVE-2025-69195 Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

CVE-2025-69194 Wget2: arbitrary file write via metalink path traversal in gnu wget2

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

[SECURITY] Fedora 43 Update: wget2-2.2.1-1.fc43

GNU Wget2 is the successor of GNU Wget, a file and recursive website downloader. Designed and written from scratch it wraps around libwget, that provides the basic functions needed by a web client. Wget2 works multi-threaded and uses many features to allow fast operation. In many cases Wget2...

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

GNU Wget2 安全漏洞

GNU Wget2 is a web-based download tool for the American GNU community. A security vulnerability exists in GNU Wget2 that stems from a failure to properly validate file paths in the Metalink filename element, which could result in files being written to unexpected locations...

GNU Wget2 安全漏洞

GNU Wget2 is a web-based download tool from the American GNU community. A security vulnerability exists in GNU Wget2 that stems from a stack buffer overflow when handling specially crafted URL paths, which could lead to memory corruption...