Unrated severityNVD Advisory· Published Jun 16, 2024· Updated Apr 21, 2025
CVE-2024-38428
CVE-2024-38428
Description
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12- osv-coords10 versionspkg:rpm/almalinux/wgetpkg:rpm/opensuse/wget&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/wget&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/wget&distro=openSUSE%20Tumbleweedpkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/wget&distro=SUSE%20Linux%20Micro%206.0
< 1.19.5-12.el8_10+ 9 more
- (no CPE)range: < 1.19.5-12.el8_10
- (no CPE)range: < 1.20.3-150000.3.20.1
- (no CPE)range: < 1.20.3-150600.19.3.1
- (no CPE)range: < 1.24.5-2.1
- (no CPE)range: < 1.20.3-150000.3.20.1
- (no CPE)range: < 1.20.3-150000.3.20.1
- (no CPE)range: < 1.20.3-150600.19.3.1
- (no CPE)range: < 1.14-21.19.1
- (no CPE)range: < 1.14-21.19.1
- (no CPE)range: < 1.24.5-1.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.