CLSA-2025-1756409922 wget: Fix of CVE-2024-38428

CVE-2024-38428: fix mishandle semicolons in userinfo subcomponent of URI to prevent insecure behavior...

The vulnerability of the userinfo URI component in the GNU Wget download manager allows a attacker to compromise the confidentiality and integrity of the protected information.

The vulnerability of the userinfo URI component of the GNU Wget download manager is related to unsafe behavior where data that should be contained within the userinfo sub-component is incorrectly interpreted as part of the host’s subcomponent. Exploiting this vulnerability could allow a malicious...

DEBIAN-CVE-2024-38428

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...

The vulnerability of the userinfo sub-component in the Lynx text-based web browser lies in the insufficient protection of registration data, allowing attackers to access confidential information.

The vulnerability of the userinfo sub-component in the Lynx text-based web browser is related to the disclosure of credentials via SNI. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to confidential data...