CLD-117 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) |
wget |
Deficiency Type |
SECURITY |
Date Created |
2017-10-26 12:30:14 |
Date Last Modified |
2017-10-26 13:21:01 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in wget-1.19.2-i686-1 |
Cucumber 1.0 x86_64 | fixed in wget-1.19.2-x86_64-1 |
Cucumber 1.1 i686 |
fixed in wget-1.19.2-i686-1 |
Cucumber 1.1 x86_64 |
fixed in wget-1.19.2-x86_64-1 |
Details:
A heap-based buffer overflow, when processing chunked encoded HTTP responses,
was found in wget. By tricking an unsuspecting user into connecting to a
malicious HTTP server, an attacker could exploit this flaw to potentially
execute arbitrary code (https://access.redhat.com/security/cve/CVE-2017-13090).
This has been fixed in wget 1.19.2
(https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html).