CLD-116 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-13089 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s) RHSA-2017:3075-01

Basic Information:

Affected Package(s) wget
Deficiency Type SECURITY
Date Created 2017-10-26 12:30:01
Date Last Modified 2017-10-26 13:21:01

Version Specific Information:

Cucumber 1.0 i686fixed in wget-1.19.2-i686-1
Cucumber 1.0 x86_64fixed in wget-1.19.2-x86_64-1

Cucumber 1.1 i686 fixed in wget-1.19.2-i686-1
Cucumber 1.1 x86_64 fixed in wget-1.19.2-x86_64-1

Details:

A stack-based buffer overflow when processing chunked, encoded HTTP responses
was found in wget. By tricking an unsuspecting user into connecting to a
malicious HTTP server, an attacker could exploit this flaw to potentially
execute arbitrary code (https://access.redhat.com/security/cve/CVE-2017-13089).

This has been fixed in wget 1.19.2
(https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html).