Skip to main content

GNU Wget EUVDEUVD-2026-42082

| CVE-2026-58470 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-07-07 VulnCheck GHSA-5f52-px6m-c5hw
6.9
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network vector with no privileges or user interaction required in automated contexts; impact is limited to low availability (download desynchronization) with no confidentiality or integrity impact confirmed.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 07, 2026 - 20:58 vuln.today

DescriptionCVE.org

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigger undefined behavior and download desynchronization in the affected client.

AnalysisAI

Integer overflow in GNU Wget through 1.25.0 allows a malicious or compromised web server to corrupt client download sessions by supplying crafted Content-Range response headers. The parse_content_range() function in src/http.c performs signed integer arithmetic on server-supplied values without overflow guards, triggering undefined behavior under C's signed overflow rules and causing download desynchronization on the affected client. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker deploys or compromises a web server
Delivery
Victim wget client requests file from malicious URL
Exploit
Server responds HTTP 206 with crafted Content-Range header
Execution
parse_content_range() performs signed integer arithmetic overflow
Persist
Undefined behavior triggers download desynchronization
Impact
Downloaded file is silently corrupted on victim system

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim wget client to initiate an HTTP or HTTPS connection to an attacker-controlled or attacker-compromised server that returns a crafted Content-Range response header. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N, score 6.9) positions this as a medium-severity, network-accessible, zero-prerequisite flaw with low availability impact and no confidentiality or integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker operates a malicious web server (or performs a man-in-the-middle attack against HTTP traffic) and waits for a victim's wget client to request a file. The server responds with an HTTP 206 Partial Content message containing a Content-Range header crafted with values that overflow a signed integer in parse_content_range(), triggering undefined behavior that desynchronizes the download state - causing the victim to receive a silently corrupted or incomplete file without a clear error indication. …
Remediation The primary remediation is to upgrade to a version of GNU Wget that includes upstream commit 43d3ba9336bc94937e6fae2365c6ffd30c34ffcf (https://gitlab.com/gnuwget/wget/-/commit/43d3ba9336bc94937e6fae2365c6ffd30c34ffcf). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Wget

View all
CVE-2014-4877 CRITICAL POC
9.3 Oct 29

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to w

CVE-2016-4971 HIGH POC
8.8 Jun 30

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F

CVE-2017-13089 HIGH
8.8 Oct 27

The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. Rated high sev

CVE-2016-7098 HIGH POC
8.1 Sep 26

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow

CVE-2018-20483 HIGH POC
7.8 Dec 26

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata at

CVE-2017-13090 HIGH
8.8 Oct 27

The retr.c:fd_read_body() function is called when processing OK responses. Rated high severity (CVSS 8.8), this vulnerab

CVE-2018-0494 MEDIUM POC
6.5 May 06

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequen

CVE-2017-6508 MEDIUM POC
6.1 Mar 07

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject

CVE-2019-5953 CRITICAL
9.8 May 17

Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute

CVE-2024-38428 CRITICAL
9.1 Jun 16

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be inse

CVE-2026-58469 HIGH
8.7 Jul 07

Denial of service in GNU Wget through 1.25.0 lets a malicious or compromised HTTP(S) server crash the client by serving

CVE-2021-31879 MEDIUM
6.1 Apr 29

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to

Share

EUVD-2026-42082 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy