ASA-2019-00284 – wget: Buffer overflow vulnerability in the handling of Internationalized Resource Identifiers (IRI)


Allele Security Alert

ASA-2019-00284

Identifier(s)

ASA-2019-00284, CVE-2019-5953, JVNDB-2019-000022

Title

Buffer overflow vulnerability in the handling of Internationalized Resource Identifiers (IRI)

Vendor(s)

GNU Project

Product(s)

wget

Affected version(s)

wget before version 1.20.3

Fixed version(s)

wget version 1.20.3

Proof of concept

Unknown

Description

A buffer overflow vulnerability was discovered in the handling of Internationalized Resource Identifiers (IRI) in wget, a network utility to retrieve files from the web. It could result in the execution of arbitrary code or denial of service when recursively downloading from an untrusted server.

Technical details

Unknown

Credits

Kusano Kazuhiko

Reference(s)

Fix a buffer overflow vulnerability
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c

* NEWS: Update NEWS for new release v1.20.3
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a220ead43505bc3e0ea8efb1572919111dbbf6dc

GNU Wget vulnerable to buffer overflow
https://jvn.jp/en/jp/JVN25261088/index.html

CVE-2019-5953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953

CVE-2019-5953
https://nvd.nist.gov/vuln/detail/CVE-2019-5953


Last modified: May 20, 2019
