188 matches found
DEBIAN-CVE-2026-58469
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...
CVE-2026-58469
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...
CVE-2026-58469
GNU Wget prior to 1.25.0 is affected by a heap buffer underread in clean_metalink_string() inside src/metalink.c when parsing a Metalink URL that is whitespace-only. The issue can lead to memory corruption and abnormal program behavior; the CVE notes multiple CVSS measurements with high impact (a...
EUVD-2026-42081
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...
CVE-2026-58469
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...
CVE-2026-58469 GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...
CVE-2026-58469
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...
PT-2026-56238
Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.1 Description A heap buffer underread exists in the clean metalink string function within src/metalink.c. This occurs when the software processes a Metalink document containing a URL consisting only of whitespac...
RLSA-2026:33124 Moderate: coreutils security update
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fixes: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification CVE-2025-5278 For more details about the security...
coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification
A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...
Moderate: Red Hat Security Advisory: coreutils security update
An update for coreutils is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
ALSA-2026:33124 Moderate: coreutils security update
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fixes: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification CVE-2025-5278 For more details about the security...
RLSA-2026:28911 Moderate: coreutils security update
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fixes: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification CVE-2025-5278 For more details about the security...
Moderate: Red Hat Security Advisory: coreutils security update
An update for coreutils is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification
A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...
Moderate: coreutils security update
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fixes: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification CVE-2025-5278 For more details about the security...
ALSA-2026:28911 Moderate: coreutils security update
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fixes: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification CVE-2025-5278 For more details about the security...
EulerOS Virtualization 2.13.0 : glibc (EulerOS-SA-2026-2399)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a...
EulerOS Virtualization 2.13.1 : glibc (EulerOS-SA-2026-2370)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a...
CentOS 9 : coreutils-8.32-42.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the coreutils-8.32-42.el9 build changelog. - A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory...