VulnerableCode Package Details - pkg:deb/debian/wget@1.18-5%2Bdeb9u3

Search for packages

Package details: pkg:deb/debian/wget@1.18-5%2Bdeb9u3

Essentials
History (13)

purl	pkg:deb/debian/wget@1.18-5%2Bdeb9u3

Next non-vulnerable version	1.25.0-2
Latest non-vulnerable version	1.25.0-2
Risk	10.0

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-4sdq-v9u1-97fy Aliases: CVE-2017-13089		1.20.1-1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-dt45-jeut-aygn Aliases: CVE-2017-6508		1.20.1-1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-huu2-56sz-cygz Aliases: CVE-2017-13090		1.20.1-1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jgy2-zfn9-zufe Aliases: CVE-2024-38428	url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.	1.21.3-1+deb12u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-rk2k-3ke9-h3ev Aliases: CVE-2018-0494	GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.	1.20.1-1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-tcup-t96u-s7gm Aliases: CVE-2018-20483	set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.	1.20.1-1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wa8k-k5qt-f3bv Aliases: CVE-2019-5953	Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.	1.20.1-1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (6)

Vulnerability	Summary	Aliases
VCID-229q-3atb-7qfa		CVE-2016-4971
VCID-49ve-fmbg-dfax		CVE-2016-7098
VCID-4sdq-v9u1-97fy		CVE-2017-13089
VCID-huu2-56sz-cygz		CVE-2017-13090
VCID-rk2k-3ke9-h3ev	GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.	CVE-2018-0494
VCID-wa8k-k5qt-f3bv	Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.	CVE-2019-5953

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:40:54.333214+00:00	Debian Oval Importer	Affected by	VCID-jgy2-zfn9-zufe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:58:35.808572+00:00	Debian Oval Importer	Affected by	VCID-4sdq-v9u1-97fy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:05:39.335870+00:00	Debian Oval Importer	Affected by	VCID-tcup-t96u-s7gm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:37:03.341385+00:00	Debian Oval Importer	Fixing	VCID-229q-3atb-7qfa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:11:38.503495+00:00	Debian Oval Importer	Affected by	VCID-huu2-56sz-cygz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:24:36.079337+00:00	Debian Oval Importer	Affected by	VCID-dt45-jeut-aygn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:42:44.375493+00:00	Debian Oval Importer	Affected by	VCID-rk2k-3ke9-h3ev	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:52:45.346422+00:00	Debian Oval Importer	Fixing	VCID-49ve-fmbg-dfax	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:33:28.729038+00:00	Debian Oval Importer	Affected by	VCID-wa8k-k5qt-f3bv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:09:36.521760+00:00	Debian Oval Importer	Fixing	VCID-4sdq-v9u1-97fy	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T11:02:08.798860+00:00	Debian Oval Importer	Fixing	VCID-wa8k-k5qt-f3bv	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T11:00:36.910906+00:00	Debian Oval Importer	Fixing	VCID-huu2-56sz-cygz	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T10:56:27.792792+00:00	Debian Oval Importer	Fixing	VCID-rk2k-3ke9-h3ev	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0