Medium severity6.1NVD Advisory· Published Mar 7, 2017· Updated Jun 17, 2026
CVE-2017-6508
CVE-2017-6508
Description
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12- osv-coords11 versionspkg:rpm/opensuse/wget&distro=openSUSE%20Tumbleweedpkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/wget-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY
< 1.21.1-2.2+ 10 more
- (no CPE)range: < 1.21.1-2.2
- (no CPE)range: < 1.14-20.1
- (no CPE)range: < 1.14-20.1
- (no CPE)range: < 1.11.4-1.40.1
- (no CPE)range: < 1.14-20.1
- (no CPE)range: < 1.14-20.1
- (no CPE)range: < 1.14-20.1
- (no CPE)range: < 1.11.4-1.40.1
- (no CPE)range: < 1.14-20.1
- (no CPE)range: < 1.14-20.1
- (no CPE)range: < 1.11.4-1.40.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.