VYPR

rpm package

suse/wget&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2

pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Vulnerabilities (5)

  • CVE-2019-5953May 17, 2019
    affected < 1.14-21.10.1fixed 1.14-21.10.1

    Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.

  • CVE-2017-13090HigOct 27, 2017
    affected < 1.14-21.3.1fixed 1.14-21.3.1

    The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to

  • CVE-2017-13089HigOct 27, 2017
    affected < 1.14-21.3.1fixed 1.14-21.3.1

    The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative

  • CVE-2017-6508MedMar 7, 2017
    affected < 1.14-20.1fixed 1.14-20.1

    CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

  • CVE-2016-7098HigSep 26, 2016
    affected < 1.14-17.1fixed 1.14-17.1

    Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.