rpm package
suse/wget&distro=SUSE Linux Enterprise Server 12-LTSS
pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5953 | — | < 1.14-21.10.1 | 1.14-21.10.1 | May 17, 2019 | Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. | ||
| CVE-2017-13090 | Hig | 8.8 | < 1.14-21.3.1 | 1.14-21.3.1 | Oct 27, 2017 | The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to | |
| CVE-2017-13089 | Hig | 8.8 | < 1.14-21.3.1 | 1.14-21.3.1 | Oct 27, 2017 | The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative |
- CVE-2019-5953May 17, 2019affected < 1.14-21.10.1fixed 1.14-21.10.1
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
- affected < 1.14-21.3.1fixed 1.14-21.3.1
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to
- affected < 1.14-21.3.1fixed 1.14-21.3.1
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative