ID CVE-2019-5953
Summary Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:wget:-:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11.4-1:*:*:*:gnuwin32:*:*:*
    cpe:2.3:a:gnu:wget:1.11.4-1:*:*:*:gnuwin32:*:*:*
  • cpe:2.3:a:gnu:wget:1.12:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.13.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.17:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.18:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.19:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.19.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.19.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.19.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.19.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.19.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.19.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.20:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:wget:1.20.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1695679
    title CVE-2019-5953 wget: do_conversion() heap-based buffer overflow vulnerability
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment wget is earlier than 0:1.19.5-7.el8_0.1
            oval oval:com.redhat.rhsa:tst:20190983001
          • comment wget is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140151002
        • AND
          • comment wget-debugsource is earlier than 0:1.19.5-7.el8_0.1
            oval oval:com.redhat.rhsa:tst:20190983003
          • comment wget-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190983004
    rhsa
    id RHSA-2019:0983
    released 2019-05-07
    severity Important
    title RHSA-2019:0983: wget security update (Important)
  • bugzilla
    id 1695679
    title CVE-2019-5953 wget: do_conversion() heap-based buffer overflow vulnerability
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • comment wget is earlier than 0:1.14-18.el7_6.1
        oval oval:com.redhat.rhsa:tst:20191228001
      • comment wget is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140151002
    rhsa
    id RHSA-2019:1228
    released 2019-05-14
    severity Important
    title RHSA-2019:1228: wget security update (Important)
  • rhsa
    id RHSA-2019:2979
  • rhsa
    id RHSA-2019:3168
rpms
  • wget-0:1.19.5-7.el8_0.1
  • wget-debuginfo-0:1.19.5-7.el8_0.1
  • wget-debugsource-0:1.19.5-7.el8_0.1
  • wget-0:1.14-18.el7_6.1
  • wget-debuginfo-0:1.14-18.el7_6.1
  • wget-0:1.14-16.el7_5.1
  • wget-debuginfo-0:1.14-16.el7_5.1
  • wget-0:1.14-15.el7_4.2
  • wget-debuginfo-0:1.14-15.el7_4.2
refmap via4
confirm https://support.f5.com/csp/article/K14560101
gentoo GLSA-201908-19
misc
Last major update 24-08-2020 - 17:37
Published 17-05-2019 - 16:29
Last modified 24-08-2020 - 17:37
Back to Top