Medium severity6.5NVD Advisory· Published May 6, 2018· Updated Jun 17, 2026
CVE-2018-0494
CVE-2018-0494
Description
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- osv-coords7 versionspkg:rpm/opensuse/wget&distro=openSUSE%20Tumbleweedpkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/wget-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY
< 1.21.1-2.2+ 6 more
- (no CPE)range: < 1.21.1-2.2
- (no CPE)range: < 1.14-21.7.1
- (no CPE)range: < 1.11.4-1.41.3.1
- (no CPE)range: < 1.14-21.7.1
- (no CPE)range: < 1.11.4-1.41.3.1
- (no CPE)range: < 1.14-21.7.1
- (no CPE)range: < 1.11.4-1.41.3.1
Patches
Vulnerability mechanics
References
12- lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.htmlnvdPatchThird Party Advisory
- sintonen.fi/advisories/gnu-wget-cookie-injection.txtnvdExploitThird Party Advisory
- www.exploit-db.com/exploits/44601/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/104129nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040838nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2018:3052nvdThird Party Advisory
- git.savannah.gnu.org/cgit/wget.git/commit/nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/05/msg00006.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201806-01nvdThird Party Advisory
- usn.ubuntu.com/3643-1/nvdThird Party Advisory
- usn.ubuntu.com/3643-2/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4195nvdThird Party Advisory
News mentions
0No linked articles in our index yet.