CVE-2017-13089— GNU Wget: stack overflow in HTTP protocol handling
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-13089
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GNU Wget: stack overflow in HTTP protocol handling
Source: NVD (National Vulnerability Database)
Vulnerability Description
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
GNU Wget 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GNU Wget是GNU计划开发的一套用于在网络上进行下载的自由软件,它支持通过HTTP、HTTPS以及FTP这三个最常见的TCP/IP协议下载。 GNU Wget 1.19.2之前的版本中存在基于栈的缓冲区溢出漏洞。远程攻击者可利用该漏洞在受影响的应用程序上下文中执行任意代码或造成拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| GNU Project | Wget | prior to 1.19.2 | - |
II. Public POCs for CVE-2017-13089
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | PoC for wget v1.19.1 | https://github.com/r1b/CVE-2017-13089 | POC Details |
| 2 | CVE-2017-13089 | https://github.com/mzeyong/CVE-2017-13089 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-13089
请登录查看更多情报信息。
- https://github.com/r1b/CVE-2017-13089x_refsource_MISC
- https://www.synology.com/support/security/Synology_SA_17_62_Wgetx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2017-13089
IV. Related Vulnerabilities
Same weakness: CWE-121
- CVE-2026-8258
Squirrel sqstdstring.cpp validate_format stack-based overflo - CVE-2026-8234
EFM ipTIME A8004T WifiBasicSet formWifiBasicSet stack-based - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-41509
Integer underflow in crypto_sign_open() leads to buffer over - CVE-2026-8138
Tenda CX12L SetPptpServerCfg” formSetPPTPServer stack-based
V. Comments for CVE-2017-13089
No comments yet