Information on source package wget

Available versions

ReleaseVersion
jessie1.16-1+deb8u7
stretch1.18-5+deb9u3
buster1.20.1-1.1
bullseye1.21-1+deb11u1
bookworm1.21.3-1
trixie1.24.5-2
sid1.24.5-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-38428vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedfixedurl.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...
CVE-2024-10524vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableApplications that use Wget to access a remote resource using shorthand ...
CVE-2021-31879vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableGNU Wget through 1.21.1 does not omit the Authorization header upon a ...

Resolved issues

BugDescription
CVE-2019-5953Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers ...
CVE-2018-20483set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's ...
CVE-2018-0494GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in ...
CVE-2017-13090The retr.c:fd_read_body() function is called when processing OK respon ...
CVE-2017-13089The http.c:skip_short_body() function is called in some circumstances, ...
CVE-2017-6508CRLF injection vulnerability in the url_parse function in url.c in Wge ...
CVE-2016-7098Race condition in wget 1.17 and earlier, when used in recursive or mir ...
CVE-2016-4971GNU wget before 1.18 allows remote servers to write to arbitrary files ...
CVE-2014-4877Absolute path traversal vulnerability in GNU Wget before 1.16, when re ...
CVE-2010-2252GNU Wget 1.12 and earlier uses a server-provided filename instead of t ...
CVE-2009-3490GNU Wget before 1.12 does not properly handle a '\0' character in a do ...
CVE-2006-6719The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...
CVE-2005-3185Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...
CVE-2004-2014Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...
CVE-2004-1488wget 1.8.x and 1.9.x does not filter or quote control characters when ...
CVE-2004-1487wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...
CVE-2002-1565Buffer overflow in url_filename function for wget 1.8.1 allows attacke ...
CVE-2002-1344Directory traversal vulnerability in wget before 1.8.2-4 allows a remo ...

Security announcements

DSA / DLADescription
ELA-211-1wget - security update
DLA-2086-1wget - security update
ELA-112-1wget - security update
DLA-1760-1wget - security update
DSA-4425-1wget - security update
DLA-1375-1wget - security update
DSA-4195-1wget - security update
DSA-4008-1wget - security update
DLA-1149-1wget - security update
DLA-851-1wget - security update
DLA-536-1wget - security update
DLA-82-1wget - security update
DSA-3062-1wget - security update
DSA-2088-1wget - potential code execution
DSA-1904-1wget - SSL certificate verification weakness
DSA-209wget - directory traversal

Search for package or bug name: Reporting problems