AVG-473 log

Package wget
Status Fixed
Severity Critical
Type multiple issues
Affected 1.19.1-2
Fixed 1.19.2-1
Current 1.20.3-2 [extra]
Ticket None
Created Fri Oct 27 09:05:47 2017
Issue Severity Remote Type Description
CVE-2017-13090 Critical Yes Arbitrary code execution
A heap-based buffer overflow has been found in the HTTP protocol handling code of wget < 1.19.2, when processing chunked encoded HTTP responses. By tricking...
CVE-2017-13089 Critical Yes Arbitrary code execution
A stack-based buffer overflow has been found in the HTTP protocol handling code of wget < 1.19.2, when processing chunked, encoded HTTP responses. By...
CVE-2017-6508 Medium Yes Content spoofing
A CRLF injection flaw was found in the way wget < 1.19.2 handled URLs. A remote attacker could use this flaw to inject arbitrary HTTP headers in requests,...
Date Advisory Package Description
29 Oct 2017 ASA-201710-34 wget multiple issues