Lucene search
+L
GnuWget1.25.0

4 matches found

CVE
CVE
added 2026/07/07 7:43 p.m.28 views

CVE-2026-58469

GNU Wget prior to 1.25.0 is affected by a heap buffer underread in clean_metalink_string() inside src/metalink.c when parsing a Metalink URL that is whitespace-only. The issue can lead to memory corruption and abnormal program behavior; the CVE notes multiple CVSS measurements with high impact (a...

8.7CVSS6.2AI score0.00351EPSS
CVE
CVE
added 2026/07/07 7:45 p.m.21 views

CVE-2026-58470

GNU Wget 1.25.0 and earlier is affected by an integer overflow in parse_content_range() (src/http.c) triggered by server-controlled Content-Range headers, leading to undefined behavior and download desynchronization. The issue is fixed in commit 43d3ba9, and users should upgrade to a version that...

6.9CVSS6.1AI score0.00247EPSS
CVE
CVE
added 2026/07/07 7:47 p.m.16 views

CVE-2026-58471

GNU Wget up to 1.25.0 contains a heap buffer overflow in convert_fname() (src/url.c) that can be triggered by a server-supplied filename requiring character set conversion. When the output buffer is too small and iconv E2BIG reallocates, the remaining space is miscalculated, allowing memory corru...

7.1CVSS6.2AI score0.00221EPSS
CVE
CVE
added 2026/07/07 7:50 p.m.11 views

CVE-2026-58472

GNU Wget up to 1.25.0 contains a heap buffer overflow in html_quote_string() (src/convert.c) triggered by a server-supplied HTML attribute with extensive entity encoding. The root cause is a signed integer counter overflow during output size accumulation, leading to an undersized heap allocation ...

7.1CVSS6.3AI score0.00221EPSS